Thanks for sharing!

On Wed, Apr 4, 2018 at 2:11 AM, David Jentz <jen...@gmail.com> wrote:

> The other thread was getting a lot of responses so I started a new one.
>
> Here is a script that works for me on redhat 6.9 (/centos6.9) that
> converts a 4.0.3 -snapshot default install of openmeetings from http
> to https
>
> There are lots of opportunities for improvement to fully automate. I
> guess this might help people as a starting point but maybe not as an
> ending point.
>
> Here I am using the password as 'changeit' which is obviously not a
> real password.
>
> -Dave
>
> #!/bin/sh
> RED5_HOME=/opt/red5
> cd $RED5_HOME
> mkdir certs
> mkdir certs/private
>
> #create CA cert
> figlet create CA
> mkdir certs/ca
> mkdir certs/ca/private
> cd certs/ca
> #try to argument passphrase
> openssl genrsa -aes256 -out private/ca.key.pem 4096
> #check return code, exit on error
> #exit on no file private ca.key.pem
> chmod 400 private/ca.key.pem
>
> #try to argument passphrase
> openssl req -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out ca.cert.pem
> #check return code, exit on error
> #exit on no file ca.cert.pem
>
> #Create self-signed cert, maybe use what the russians have in threads instead.
> figlet create red5 cert
> cd $RED5_HOME
> cd certs
> #try to argument passphrase
> openssl req -new > new.ssl.csr
> #check return code, exit on error
> #exit on no file new.ssl.csr
> #exit on no file privkey
> #( use actual hostname for CN)
> #(leave challenge blank)
>
> mv privkey.pem private
>
> openssl rsa -in private/privkey.pem -out private/red5.cert.key
> #check return code, exit on error
> #exit on no file new.cert.key
> openssl x509 -in new.ssl.csr -out red5.crt -req -signkey private/red5.cert.key -days 9999
> #check return code, exit on error
> #exit on no file red5.crt
>
>
> openssl pkcs12 -export -in red5.crt -inkey private/red5.cert.key -out red5.p12 -name red5 -certfile ca/ca.cert.pem
> #check return code, exit on error
> #exit on no file red5.crt
>
> #Need permissive type?? Some avc on next line need permissive type for secadm_java_t (it transitions)
> keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore keystore.jks -alias red5
>
> keytool -import -alias root -keystore keystore.jks -trustcacerts -file ca/ca.cert.pem
> #^ keystorepass changeit no good, need expect script instead
>
> cp keystore.jks ../conf
> cp keystore.jks ../conf/truststore.jks
> #Rename the existing keystore file red5/conf/keystore.jmx to red5/conf/keystore.bak
> #mv ${RED5_HOME}/conf/keystore.jmx ${RED5_HOME}/conf/keystore.bak
> #Rename the existing truststore file red5/conf/truststore.jmx to red5/conf/truststore.bak
> #mv ${RED5_HOME}/conf/truststore.jmx ${RED5_HOME}/conf/truststore.bak
>
> cd ${RED5_HOME}
> #twizzle red5/conf/jee-container.xml line 33 SSL add <!--
> sed -i '33s/^/\<\!--/' conf/jee-container.xml
> #twizzle red5/conf/jee-container.xml line 71 SSL add -->
> sed -i '71s/^/--\>/' conf/jee-container.xml
> #twizzle red5/conf/jee-container.xml line 73 SSL remove <!--
> sed -i '73s/.*//' conf/jee-container.xml
> #twizzle red5/conf/jee-container.xml line 132 SSL remove -->
> sed -i '132s/.*//' conf/jee-container.xml
> #twizzle red5/conf/red5-core.xml line 198 add -->
> sed -i '198s/^/--\>/' conf/red5-core.xml
> #twizzle red5/conf/red5-core.xml line 234 remove -->
> sed -i '234s/.*//' conf/red5-core.xml
>
> sed -i 's/password/changeit/' conf/red5.properties
> ## trustAnchors parameter must be non empty

--
WBR
Maxim aka solomax
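
The TODO comments in the quoted script (supply the passphrase without a prompt, check return codes, exit when a file is missing) can be covered for the OpenSSL steps as in the following added example, which is not part of David's script or of the OpenMeetings project. The function names, the argument layout, the pass file, the CA subject and the merged `req -newkey ... -nodes` step are assumptions made for illustration; using one pass file for both the CA key and the PKCS#12 export is a simplification, and the `keytool` and `sed` steps are left out.

```shell
#!/bin/sh
# Added example (not David's script): the CA and red5 certificate steps run
# without prompts, stopping at the first failed command or missing file.

# need FILE: fail when a step did not leave a non-empty file behind
need() { [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }; }

# make_certs DIR HOST PASSFILE [BITS]   (argument layout is an assumption)
# Every step ends in "|| return 1" because "set -e" is ignored inside a
# function that the caller invokes as "make_certs ... || handle_error".
make_certs() {
    dir=$1 host=$2 passfile=$3 bits=${4:-4096}
    ca_key=$dir/ca/private/ca.key.pem key=$dir/private/red5.cert.key
    need "$passfile" || return 1
    mkdir -p "$dir/ca/private" "$dir/private" || return 1

    # Passphrase is read from a file: no prompt, and it never appears in argv.
    openssl genrsa -aes256 -passout "file:$passfile" -out "$ca_key" "$bits" &&
        need "$ca_key" && chmod 400 "$ca_key" || return 1

    # The CA subject below is a constructed placeholder.
    openssl req -key "$ca_key" -passin "file:$passfile" -new -x509 \
        -days 7300 -sha256 -extensions v3_ca -subj "/CN=Example Test CA" \
        -out "$dir/ca/ca.cert.pem" && need "$dir/ca/ca.cert.pem" || return 1

    # Key and CSR in one step; -nodes stands in for the later "openssl rsa".
    openssl req -new -newkey "rsa:$bits" -nodes -subj "/CN=$host" \
        -keyout "$key" -out "$dir/new.ssl.csr" &&
        need "$key" && need "$dir/new.ssl.csr" && chmod 400 "$key" || return 1

    openssl x509 -req -in "$dir/new.ssl.csr" -signkey "$key" -days 9999 \
        -out "$dir/red5.crt" && need "$dir/red5.crt" || return 1

    openssl pkcs12 -export -in "$dir/red5.crt" -inkey "$key" -name red5 \
        -certfile "$dir/ca/ca.cert.pem" -passout "file:$passfile" \
        -out "$dir/red5.p12" && need "$dir/red5.p12" || return 1
}

# key_matches_cert KEY CERT: succeed only when both hold the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Running `key_matches_cert` on `private/red5.cert.key` and `red5.crt` before the PKCS#12 export catches a stale key or certificate left over from an earlier run.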