Can you pls share with us the same on Ubuntu? We will be grateful.

2018-02-07 8:46 GMT+05:00 Maxim Solodovnik <[email protected]>:

> Thanks for sharing!
>
> On Wed, Feb 7, 2018 at 6:03 AM, <[email protected]> wrote:
>
>> Setup OpenMeetings 4.0.1 for SSL on Windows 10 using LE certificate
>>
>> Prerequisites:
>> Download Let's Encrypt portable client for Windows:
>> https://github.com/do-know/Crypt-LE/releases
>> OpenMeetings is installed in c:\red5401
>>
>> Review the official documentation: https://openmeetings.apache.org/RTMPSAndHTTPS.html
>>
>> On the Router, enable the following rules in /jffs/scripts/firewall-start
>> # Enable OpenMeetings HTTP/HTTPS forward to OM server internal IP 192.168.0.135 (change it to your OM server's IP)
>> /usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get wan0_ipaddr) --dport 443 --to-destination 192.168.0.135:5443
>> /usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get wan0_ipaddr) --dport 80 --to-destination 192.168.0.135:5080
>>
>> cmd
>> mkdir c:\SSL
>> set OPENSSL_CONF=c:\SSL\openssl.cnf
>> cd c:\SSL
>> mkdir c:\red5401\webapps\root\.well-known\acme-challenge
>>
>> My dynamic DNS web site -> OM.DYNU.NET. Change to your DNS entry.
>>
>> 1. Create a keystore and key using the same password:
>> keytool -genkey -keysize 2048 -alias red5 -keyalg RSA -keystore red5/keystore.jks
>> Enter keystore password:
>> Re-enter new password:
>> What is your first and last name?
>> [Unknown]: om.dynu.net -> change to your DNS entry.
>> What is the name of your organizational unit?
>> [Unknown]: Dev
>> What is the name of your organization?
>> [Unknown]: OM
>> What is the name of your City or Locality?
>> [Unknown]: Somecity
>> What is the name of your State or Province?
>> [Unknown]: NY
>> What is the two-letter country code for this unit?
>> [Unknown]: US
>> Is CN=om.dynu.net, OU=Dev, O=OM, L=Somecity, ST=NY, C=US correct?
>> [no]: yes
>>
>> 2. Create a CSR from the keystore:
>> keytool -certreq -keyalg RSA -alias red5 -file red5/om.dynu.net.csr -keystore red5/keystore.jks
>>
>> 3. Add the CA root certificate to the keystore (answer yes if the cert already exists in the system-wide CA keystore):
>> keytool -import -alias root -keystore red5/keystore.jks -trustcacerts -file C:\SSL\isrgrootx1.pem.txt
>>
>> 4. Add the CA intermediate certificate to the keystore:
>> keytool -import -alias intermed -keystore red5/keystore.jks -trustcacerts -file C:\SSL\intermediate-crt.txt
>>
>> 5. Generate an account key and domain key for each domain. You only need to generate the account key once.
>> Domain key is best to be created for every separate set of names you are creating certificates for.
>> openssl genrsa -out account.key 4096
>> openssl genrsa -out red5/om.dynu.net-domain.key 2048
>>
>> 6. Generate the SSL certificate for your domain:
>> le64 -key account.key -csr red5/om.dynu.net.csr -csr-key red5/om.dynu.net-domain.key -crt red5/om.dynu.net.crt -domains "om.dynu.net" -path C:\red5401\webapps\root\.well-known\acme-challenge -unlink -live -legacy
>>
>> 7. Import the certificate you received:
>> keytool -import -alias red5 -keystore red5/keystore.jks -trustcacerts -file red5/om.dynu.net.crt
>>
>> 8. Check the keystore certificates
>> keytool -list -keystore red5/keystore.jks
>>
>> 9. Overwrite the following keystore files with the new keystore.jks
>> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.screen
>> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.jks
>> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\truststore.jks
>>
>> 10. Restart the Red5 Windows Service
>> net stop Red5 && sleep 10 && net start Red5
>>
>> 11. Check the domain's SSL certificate:
>> https://www.ssllabs.com/ssltest/analyze.html?d=om.dynu.net&latest
>>
>> Note: To revoke a certificate execute:
>> le64 -key account.key -crt red5/om.dynu.net.crt -revoke -domains "om.dynu.net" -live
>>
>> Bonus:
>> Windows batch script for renewal 20 days before expiration:
>> @echo off
>> c:\ssl\le64.exe --key c:\ssl\account.key --csr c:\ssl\red5\om.dynu.net.csr --csr-key c:\ssl\red5\om.dynu.net-domain.key --crt c:\ssl\red5\om.dynu.net.crt --domains "om.dynu.net" --path c:\red5401\webapps\root\.well-known\acme-challenge --unlink --renew 20 --issue-code 100 --live -legacy
>> if errorlevel 255 goto error
>> if errorlevel 100 goto renew
>> goto exit
>> :error
>> rem add e-mail communication
>> goto exit
>> :renew
>> copy /Y c:\ssl\red5\keystore.jks c:\ssl\red5\keystore.jks.bak
>> rem Import the renewed certificate over the existing red5 key entry, as in step 7.
>> rem Deleting the alias first would also delete its private key.
>> keytool -import -alias red5 -keystore c:\ssl\red5\keystore.jks -storepass <pass> -trustcacerts -file c:\ssl\red5\om.dynu.net.crt
>> sleep 2
>> net stop Red5
>> sleep 2
>> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.screen
>> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.jks
>> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\truststore.jks
>> net start Red5
>> :exit
>>
>
> --
> WBR
> Maxim aka solomax
>

--
IT Manager, e-learning specialist
Skype: aliev_anis
www.facebook.com/anis.aliev
Tel: 989010012
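
An added check for step 8 and the renewal script (not part of the original thread): it parses `keytool -list` output and confirms that alias red5 is still a PrivateKeyEntry, because an alias that is deleted and then re-imported from a .crt file comes back as a trustedCertEntry with no private key. The sample output is constructed, with placeholder dates and fingerprints; the expected aliases are the ones used in the steps above.

```python
import re
import sys

# Constructed sample of `keytool -list` output; fingerprints are placeholders.
GOOD = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

root, Feb 6, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): AA:AA:AA:(placeholder)
intermed, Feb 6, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): BB:BB:BB:(placeholder)
red5, Feb 6, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): CC:CC:CC:(placeholder)
"""
# Same keystore after the red5 alias was deleted and the certificate re-imported.
BROKEN = GOOD.replace("red5, Feb 6, 2018, PrivateKeyEntry",
                      "red5, Apr 20, 2018, trustedCertEntry")

# Entry lines look like "<alias>, <date>, <type>,"; the date may contain commas.
ENTRY = re.compile(r"^(?P<alias>[^,]+),\s.*,\s*(?P<kind>\w+Entry),\s*$")

# Aliases and entry types the procedure in this thread should produce.
EXPECTED = {"red5": "PrivateKeyEntry",
            "root": "trustedCertEntry",
            "intermed": "trustedCertEntry"}

def parse_keytool_list(text):
    """Return {alias: entry type} for every entry line in the listing."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group("alias").strip().lower()] = m.group("kind")
    return entries

def keystore_problems(text, expected=EXPECTED):
    """List mismatches between the listing and the expected entries."""
    entries = parse_keytool_list(text)
    problems = []
    for alias, kind in expected.items():
        found = entries.get(alias)
        if found is None:
            problems.append(f"{alias}: missing")
        elif found != kind:
            problems.append(f"{alias}: is {found}, expected {kind}")
    return problems

if __name__ == "__main__":
    # Pipe the output of `keytool -list -keystore ...` into this script.
    issues = keystore_problems(sys.stdin.read())
    print("\n".join(issues) or "keystore entries OK")
    sys.exit(1 if issues else 0)
```

A non-zero exit code can be used in the renewal batch file to skip the copy and restart steps and keep the previous keystore in place.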
