Hi,

I installed OpenMeetings 504 on a virtual Ubuntu 18.04 server, following the instructions of the newest tutorial. As far as I can tell, everything works fine.
Now, I am trying to replace the self-signed certificate and use a domain certificate instead, following the information from: https://openmeetings.apache.org/HTTPS.html#real-certificate. But after this and after a reboot, the HTTPS site is not available anymore (site cannot be found). I am a bit at a loss here about what to do now.

Here is what I did:

First Attempt
--------------------------------------------------------------------------------

    cd /opt/open504/conf
    sudo mv localhost.jks localhost.org
    sudo keytool -keysize 4096 -genkey -alias openmeetings -keyalg RSA -storetype PKCS12 -keystore /opt/open504/conf/localhost.jks
        Old password: PassW0rd
        New password: PassW0rd
        Name (Websitename): myserver
        (...)
    sudo keytool -certreq -keyalg RSA -alias openmeetings -file openmeetings.csr -keystore /opt/open504/conf/localhost.jks
    sudo cp openmeetings.csr /media/netshare

Here, I opened the website of my domain CA, which is a Windows Server 2012 R2 server (https://issuingca/certsrv/).

I chose: request a certificate.
I chose: advanced certificate request.
I chose: submit a certificate request by using a base-64-encoded (...).

I opened the request file (openmeetings.csr) in a text editor and used copy & paste to hand in my request. I chose "Web Server" as the certificate template and started the request. I downloaded the certificate as a Base-64 certificate (cer file type) - the certificate is valid. I copied this certificate and the certificates of my root and my issuing CA onto my netshare, so I can access them from my OpenMeetings Linux server.

    cd /opt/open504/conf
    sudo cp /media/netshare/root.crt root.crt
    sudo cp /media/netshare/issuing.cer issuing.cer
    sudo cp /media/netshare/myserver.cer myserver.cer
    sudo keytool -import -alias root -keystore /opt/open504/conf/localhost.jks -trustcacerts -file root.crt
    sudo keytool -import -alias intermed -keystore /opt/open504/conf/localhost.jks -trustcacerts -file issuing.cer
    sudo keytool -import -alias openmeetings -keystore /opt/open504/conf/localhost.jks -trustcacerts -file myserver.cer

==> No errors so far.

    sudo reboot now
    sudo /etc/init.d/mysql start
    sudo /etc/init.d/kurento-media-server start
    sudo /etc/init.d/tomcat3 start

==> HTTPS website is not available.

Second Attempt
--------------------------------------------------------------------------------

I found out that the certificate template "Web Server" may not be right. It says the maximum is 2048. So I created a new template ("Web Server 4096") and changed the length to 4096. I also checked the option that the private key is exportable. I started from the beginning - same result.

Third Attempt
--------------------------------------------------------------------------------

After that, I started again, but this time I tried to request a 2048 certificate and to use the original certificate template:

    sudo keytool -keysize 2048 -genkey -alias openmeetings -keyalg RSA -storetype PKCS12 -keystore /opt/open504/conf/localhost.jks

Same result.

Fourth Attempt
--------------------------------------------------------------------------------

I also tried to use this manual: https://openmeetings.apache.org/HTTPS.html#create-keystore-using-existing-key-pair

But I do not have a server key. I can create a valid certificate on my CA website (https://issuingca/certsrv/) and I can use openssl in order to create p12/pfx and key files, but I don't know how to import them, since I don't have a matching request on my Ubuntu/OpenMeetings server.

Fifth Attempt
--------------------------------------------------------------------------------

I also tried to create a key file from the certificate I imported using the first manual (https://openmeetings.apache.org/HTTPS.html#real-certificate) and then use this key file with the second manual (https://openmeetings.apache.org/HTTPS.html#create-keystore-using-existing-key-pair).

    sudo keytool -v -importkeystore -srckeystore keystore -srcalias openmeetings -destkeystore myserver.p12 -deststoretype PKCS12

(from here in a Windows command line)

    openssl pkcs12 -in myserver.p12 -nocerts -out myserver_enc.key
    openssl pkcs12 -in myserver.p12 -clcerts -nokeys -out myserver.crt
    openssl rsa -in myserver_enc.key -out myserver.key

    sudo keytool -importkeystore -srcstorepass PassW0rd -srckeystore myserver.p12 -srcstoretype PKCS12 -deststorepass PassW0rd -destkeystore /opt/open504/conf/localhost.jks -alias openmeetings -deststoretype PKCS12

==> Alias openmeetings not found

    sudo keytool -importkeystore -srcstorepassPassW0rd -srckeystore myserver.p12 -srcstoretype PKCS12 -deststorepass PassW0rd -destkeystore /opt/open504/conf/localhost.jks -deststoretype PKCS12

==> Alias openmeetings already existing (???), overwrite? Yes.

Anyhow, after the reboot --> same result, no HTTPS website.

At this point, I am a bit lost. Can you give me a hint?

Best regards,
Alex
