This is an automated email from the ASF dual-hosted git repository.
solomax pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/openmeetings-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 5ed0234 no jira: HTTPS 4.0.x config is added
5ed0234 is described below
commit 5ed0234160df3edca57c23f67115ffa223f407ed
Author: Maxim Solodovnik <solomax...@gmail.com>
AuthorDate: Mon Oct 26 13:47:28 2020 +0700
no jira: HTTPS 4.0.x config is added
---
RTMPSAndHTTPS.html | 606 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 606 insertions(+)
diff --git a/RTMPSAndHTTPS.html b/RTMPSAndHTTPS.html
new file mode 100644
index 0000000..1a0fb96
--- /dev/null
+++ b/RTMPSAndHTTPS.html
@@ -0,0 +1,606 @@
+
+
+
+ <!doctype html>
+<!--
+ Generated by Apache Maven Doxia at 2020-08-22 Rendered using Reflow Maven
Skin 2.3.0 (http://devacfr.github.io/reflow-maven-skin)
+-->
+<html xml:lang="en" lang="en">
+ <head>
+ <meta charset="UTF-8" />
+ <title>Apache OpenMeetings Project – Using OpenMeetings with RTMPS
and HTTPS</title>
+ <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+ <meta name="description" content="" />
+ <meta name="author" content="Apache OpenMeetings Team" />
+ <meta http-equiv="content-language" content="en" />
+ <link
href="./css/themes/cerulean/bootstrap.min.css" rel="stylesheet" />
+ <link href="./css/fontawesome/all.min.css" rel="stylesheet" />
+ <link href="./css/reflow-skin.css" rel="stylesheet" />
+
+ <link rel="stylesheet" href="./js/styles/github.min.css" />
+
+ <link href="./css/lightbox.css" rel="stylesheet" />
+ <link href="./css/site.css" rel="stylesheet" />
+ <link href="./css/print.css" rel="stylesheet" media="print" />
+<link rel="stylesheet" href="./css/site.css"/>
+ </head> <!-- end : head -->
+<body class="page-rtmpsandhttps project-openmeetings-server anchorjs-enabled
scrolltop-smooth-enabled m-toc-sidebar-enabled m-toc-sidebar-expanded
m-toc-sidebar-autoexpandable toc-sidebar-fixed">
+ <nav id="m-top-navbar" class="navbar navbar-expand-lg fixed-top
navbar-light bg-light navbar-dark bg-primary">
+<div class="container"> <a class="navbar-brand mb-0 h1"
href="index.html">
+ <span class="color-highlight">Apache</span> OpenMeetings
+ </a>
+ <button class="navbar-toggler" type="button"
data-toggle="collapse" data-target="#top-navbar-collapse-1"
aria-controls="top-navbar-collapse-1" aria-expanded="false" aria-label="Toggle
navigation">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+ <div class="collapse navbar-collapse" id="top-navbar-collapse-1">
+ <ul class="nav navbar-nav ml-auto">
+ <li class="nav-item " ><a href="demo.html" title="Demo"
class="nav-link" >Demo</a></li>
+ <li class="nav-item " ><a href="downloads.html"
title="Download" class="nav-link" >Download</a></li>
+ <li class="nav-item " ><a
href="https://cwiki.apache.org/confluence/display/OPENMEETINGS"; title="Wiki"
class="externalLink nav-link" >Wiki</a></li>
+ <li class="nav-item dropdown">
+ <a href="#" class="nav-link dropdown-toggle"
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">General <b
class="caret"></b></a>
+ <div class="dropdown-menu">
+ <a href="index.html" title="Home"
class="dropdown-item ">Home</a>
+ <a href="https://www.apache.org/licenses/";
title="License" class="dropdown-item ">License</a>
+ <a href="https://www.apache.org/"; title="ASF"
class="dropdown-item ">ASF</a>
+ <a
href="https://www.apache.org/foundation/sponsorship"; title="Sponsorship"
class="dropdown-item ">Sponsorship</a>
+ <a href="https://www.apache.org/foundation/thanks";
title="Thanks" class="dropdown-item ">Thanks</a>
+ <a href="CallForLogo.html" title="Call For Logo"
class="dropdown-item ">Call For Logo</a>
+ <a href="NewsArchive.html" title="News archive"
class="dropdown-item ">News archive</a>
+ <a href="security.html" title="Security"
class="dropdown-item ">Security</a>
+ <a href="commercial-support.html"
title="Commercial Support" class="dropdown-item ">Commercial Support</a>
+ </div>
+ </li>
+ <li class="nav-item dropdown">
+ <a href="#" class="nav-link dropdown-toggle"
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Installation
<b class="caret"></b></a>
+ <div class="dropdown-menu">
+ <a href="installation.html" title="Installation"
class="dropdown-item ">Installation</a>
+ <a href="Upgrade.html" title="Upgrade"
class="dropdown-item ">Upgrade</a>
+ <a
href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools";
title="Tutorials" class="dropdown-item ">Tutorials</a>
+ <a href="CommandLineAdmin.html" title="Command
Line Admin" class="dropdown-item ">Command Line Admin</a>
+ </div>
+ </li>
+ <li class="nav-item dropdown">
+ <a href="#" class="nav-link dropdown-toggle"
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Community <b
class="caret"></b></a>
+ <div class="dropdown-menu">
+ <a href="get-involved.html" title="Get Involved"
class="dropdown-item ">Get Involved</a>
+ <a href="team.html" title="Committers"
class="dropdown-item ">Committers</a>
+ <a href="OurUsers.html" title="Our Users"
class="dropdown-item ">Our Users</a>
+ <a href="mailing-lists.html" title="Mailing Lists"
class="dropdown-item ">Mailing Lists</a>
+ <a
href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/"; title="Wiki"
class="dropdown-item ">Wiki</a>
+ </div>
+ </li>
+ <li class="nav-item dropdown active">
+ <a href="#" class="nav-link dropdown-toggle"
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Configuration
<b class="caret"></b></a>
+ <div class="dropdown-menu">
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#integration"
title="Integration" class="dropdown-item" >Integration</a>
<div class="dropdown-menu">
+ <a
href="openmeetings-webservice/apidocs/index.html" title="SOAP/REST API"
target="_blank" class="dropdown-item ">SOAP/REST API</a>
+ <a href="RestAPISample.html" title="REST
API Sample" class="dropdown-item ">REST API Sample</a>
+ <a href="LdapAndADS.html" title="Ldap and
ADS" class="dropdown-item ">Ldap and ADS</a>
+ <a href="oauth2.html" title="OAuth2"
class="dropdown-item ">OAuth2</a>
+ <a href="voip-sip-integration.html"
title="VoIP and SIP" class="dropdown-item ">VoIP and SIP</a>
+ <a href="errorvalues.html" title="Errors
table" class="dropdown-item ">Errors table</a>
+ <a href="CalDAVandGCal.html" title="CalDAV
and Google Calendar integration" class="dropdown-item ">CalDAV and Google
Calendar integration</a>
+ <a href="ExternalVideo.html"
title="External Video/Camera" class="dropdown-item ">External Video/Camera</a>
+ </div>
+ </div>
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#plugins"
title="Plugins" class="dropdown-item" >Plugins</a>
<div class="dropdown-menu">
+ <a href="MoodlePlugin.html" title="Moodle
Plugin" class="dropdown-item ">Moodle Plugin</a>
+ <a href="SakaiPlugin.html" title="Sakai
Plugin" class="dropdown-item ">Sakai Plugin</a>
+ <a href="JiraPlugin.html" title="Jira
Plugin" class="dropdown-item ">Jira Plugin</a>
+ <a href="JoomlaPlugin.html" title="Joomla
Plugin" class="dropdown-item ">Joomla Plugin</a>
+ <a href="DrupalPlugin.html" title="Drupal
Plugin" class="dropdown-item ">Drupal Plugin</a>
+ <a href="BitrixPlugin.html" title="Bitrix
Plugin" class="dropdown-item ">Bitrix Plugin</a>
+ <a href="ConfluencePlugin.html"
title="Confluence Plugin" class="dropdown-item ">Confluence Plugin</a>
+ <a href="SugarCRMPlugin.html"
title="SugarCRM Plugin" class="dropdown-item ">SugarCRM Plugin</a>
+ <a href="RedminePlugin.html"
title="Redmine Plugin" class="dropdown-item ">Redmine Plugin</a>
+ </div>
+ </div>
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#db" title="DB
Sample Configurations" class="dropdown-item" >DB Sample Configurations</a>
<div class="dropdown-menu">
+ <a href="ApacheDerbyConfig.html"
title="Apache Derby" class="dropdown-item ">Apache Derby</a>
+ <a href="IBMDB2Config.html" title="IBM
DB2" class="dropdown-item ">IBM DB2</a>
+ <a href="OracleConfig.html" title="Oracle"
class="dropdown-item ">Oracle</a>
+ <a href="MySQLConfig.html" title="MySQL"
class="dropdown-item ">MySQL</a>
+ <a href="PostgresConfig.html"
title="Postgres" class="dropdown-item ">Postgres</a>
+ <a href="MSSQLConfig.html" title="MSSQL"
class="dropdown-item ">MSSQL</a>
+ </div>
+ </div>
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#localization"
title="Localization and languages" class="dropdown-item" >Localization and
languages</a> <div class="dropdown-menu">
+ <a href="Internationalisation.html"
title="Internationalisation" class="dropdown-item ">Internationalisation</a>
+ <a href="LanguageEditor.html"
title="LanguageEditor" class="dropdown-item ">LanguageEditor</a>
+ <a href="TimeZoneHandling.html"
title="TimeZoneHandling" class="dropdown-item ">TimeZoneHandling</a>
+ <a href="EditTemplates.html"
title="EditTemplates" class="dropdown-item ">EditTemplates</a>
+ </div>
+ </div>
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#port" title="NAT
Port Settings" class="dropdown-item" >NAT Port Settings</a>
<div class="dropdown-menu">
+ <a href="PortSettings.html" title="Port
settings" class="dropdown-item ">Port settings</a>
+ </div>
+ </div>
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#performance"
title="Performance" class="dropdown-item" >Performance</a>
<div class="dropdown-menu">
+ <a href="JVMPerformanceTuning.html"
title="JVM performance tuning" class="dropdown-item ">JVM performance
tuning</a>
+ <a href="NetworkCalculator.html"
title="Network bandwidth calculator" class="dropdown-item ">Network bandwidth
calculator</a>
+ </div>
+ </div>
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#interface"
title="User Interface" class="dropdown-item" >User Interface</a>
<div class="dropdown-menu">
+ <a href="themes-and-branding.html"
title="Themes" class="dropdown-item ">Themes</a>
+ <a href="Dashboard.html" title="Dashboard"
class="dropdown-item ">Dashboard</a>
+ <a href="WebcamResolutions.html"
title="Webcam resolutions" class="dropdown-item ">Webcam resolutions</a>
+ <a href="ConferenceRoomLayoutOptions.html"
title="Room layout options" class="dropdown-item ">Room layout options</a>
+ <a href="HotKeys.html" title="Hot Keys"
class="dropdown-item ">Hot Keys</a>
+ </div>
+ </div>
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#customize"
title="Customization" class="dropdown-item" >Customization</a>
<div class="dropdown-menu">
+ <a href="WebappNamePath.html"
title="Webapp name/path" class="dropdown-item ">Webapp name/path</a>
+ <a href="Navigation.html"
title="Navigation" class="dropdown-item ">Navigation</a>
+ <a href="CalendarAndTimezone.html"
title="Calendar and timezone" class="dropdown-item ">Calendar and timezone</a>
+ <a href="CustomRoomTypeHowTo.html"
title="Custom room type" class="dropdown-item ">Custom room type</a>
+ <a href="CustomCryptMechanism.html"
title="Custom crypt mechanism" class="dropdown-item ">Custom crypt
mechanism</a>
+ <a href="GeneralConfiguration.html"
title="General Configuration" class="dropdown-item ">General Configuration</a>
+ <a href="PrivacyStatement.html"
title="Privacy Statement" class="dropdown-item ">Privacy Statement</a>
+ </div>
+ </div>
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#security"
title="Security" class="dropdown-item active" >Security</a>
<div class="dropdown-menu">
+ <a href="RestrictedAccess.html"
title="Restricted Access" class="dropdown-item ">Restricted Access</a>
+ <a href="" title="RTMPS and HTTPS"
class="dropdown-item active">RTMPS and HTTPS</a>
+ </div>
+ </div>
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#convert"
title="Converters" class="dropdown-item" >Converters</a>
<div class="dropdown-menu">
+ <a href="OpenOfficeConverter.html"
title="OpenOffice Converter" class="dropdown-item ">OpenOffice Converter</a>
+ </div>
+ </div>
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#cluster"
title="Clustering" class="dropdown-item" >Clustering</a>
<div class="dropdown-menu">
+ <a href="Clustering.html"
title="Clustering" class="dropdown-item ">Clustering</a>
+ </div>
+ </div>
+ <div class="dropdown-submenu">
+ <a href="RTMPSAndHTTPS.html#misc"
title="Misc" class="dropdown-item" >Misc</a>
<div class="dropdown-menu">
+ <a href="GetVersionInfo.html" title="Get
version info" class="dropdown-item ">Get version info</a>
+ </div>
+ </div>
+ </div>
+ </li>
+ <li class="nav-item dropdown">
+ <a href="#" class="nav-link dropdown-toggle"
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Development
<b class="caret"></b></a>
+ <div class="dropdown-menu">
+ <a href="scm.html" title="Source Code"
class="dropdown-item ">Source Code</a>
+ <a href="issue-management.html" title="Bugs /
Issues" class="dropdown-item ">Bugs / Issues</a>
+ <a href="dependencies.html" title="Dependencies"
class="dropdown-item ">Dependencies</a>
+ <a href="integration.html" title="Continuous
Integration" class="dropdown-item ">Continuous Integration</a>
+ <a href="BuildInstructions.html" title="Build
Instructions" class="dropdown-item ">Build Instructions</a>
+ <a href="JUnitTesting.html" title="JUnit Testing"
class="dropdown-item ">JUnit Testing</a>
+ <a href="ManualTesting.html" title="Manual
Testing" class="dropdown-item ">Manual Testing</a>
+ <a href="ReleaseGuide.html" title="Release Guide"
class="dropdown-item ">Release Guide</a>
+ <a href="WebsiteGuide.html" title="Website Guide"
class="dropdown-item ">Website Guide</a>
+ </div>
+ </li>
+ </ul><!--/ul.navbar-nav -->
+ </div><!--/.nav-collapse -->
+</div> <!--/.container --> </nav> <!--/.navbar -->
+ <div class="main-body">
+ <div class="header " role="main">
+ <div class="container container-fluid">
+ <div class="jumbotron header--jumbotron ">
+ <div id="banner" class="row header--banner">
+ <div class="col-md-12">
+ <div class="float-left header--banner--left bannerLeft">
+ <a href="index.html">
+ <img class="float-left m-2 img-fluid" src="images/logo.png" />
+ <h1>Apache OpenMeetings</h1>
+ </a>
+ </div>
+ <div class="float-right header--banner--right bannerRight">
+ <a href="https://apache.org";>
+ <img class="float-left m-2 img-fluid"
src="https://apache.org/img/asf_logo.png"; />
+ <h1>Apache</h1>
+ </a>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div> <!-- end : header -->
+ <div class="row mt-5">
+ <div class="d-xs-none d-sm-none d-md-none d-lg-block col-lg-2">
+ </div>
+ <main class="col-xs-12 col-sm-12 col-md-12 col-lg-12 col-xl-8"
role="main">
+ <nav aria-label="breadcrumb">
+ <ol class="breadcrumb">
+ <li class="publishDate version-date"> Last Published:
2020-08-22</li>
+ </ol>
+ </nav>
+ <section>
+ <div class="page-header">
+ <h2 id="using-openmeetings-with-rtmps-and-https">Using OpenMeetings with
RTMPS and HTTPS</h2>
+ </div>
+ <p>There are 3 ways the client communicates with the server: </p>
+ <ul>
+ <li>The flash-client uses RTMP protocol to transfer Audio/Video and to send
and receive the user data (login et cetera) to the server and back </li>
+ <li>The browser uses HTTP protocol to load the SWF and to upload and
download the files (documents, pdfs, images) to the server and back. </li>
+ <li>The screensharing client uses RTMP protocol to transfer screen data and
remote control to the server and back </li>
+ </ul>
+</section>
+<section>
+ <h2 id="real-certificate">'Real' certificate</h2>
+ <section>
+ <h3 id="prerequisites1">Prerequisites</h3>
+ <ul>
+ <li>You need OpenMeetings 1.9.x or later for this, OpenMeetings 1.8.x does
not have those options.</li>
+ <li>Install OpenMeetings according to the install instructions and check
that it runs without problems</li>
+ <li>Rename the existing keystore file <code>red5/conf/keystore.jmx</code>
to <code>red5/conf/keystore.bak</code></li>
+ <li>Rename the existing truststore file
<code>red5/conf/truststore.jmx</code> to
<code>red5/conf/truststore.bak</code></li>
+ </ul>
+ </section>
+ <section>
+ <h3 id="create-keystore-from-the-scratch">Create Keystore from the
scratch</h3>
+ <ol style="list-style-type: decimal">
+ <li> Create a new keystore and key, use the same password for both:<br>
<br>
+ <div class="source">
+ <pre>keytool -keysize 2048 -genkey -alias red5 -keyalg RSA -keystore
red5/conf/keystore.jks
+Enter keystore password:
+Re-enter new password:
+What is your first and last name?
+[Unknown]: <your hostname, e.g demo.openmeetings.de>
+What is the name of your organizational unit?
+[Unknown]: Dev
+What is the name of your organization?
+[Unknown]: OpenMeetings
+What is the name of your City or Locality?
+[Unknown]: Henderson
+What is the name of your State or Province?
+[Unknown]: Nevada
+What is the two-letter country code for this unit?
+[Unknown]: US
+Is CN=demo.openmeetings.de, OU=Dev, O=OpenMeetings, L=Henderson, ST=Nevada,
C=US correct?
+[no]: yes
+Enter key password for <red5>
+</pre>
+ </div> </li>
+ <li>Generate a CSR:
+ <div class="source">
+ <pre>keytool -certreq -keyalg RSA -alias red5 -file red5.csr -keystore
red5/conf/keystore.jks</pre>
+ </div> </li>
+ <li>Submit CSR to your CA of choice and receive a signed certificate </li>
+ <li>Import your chosen CA's root certificate into the keystore (may need to
download it from their site - make sure to get the root CA and not the
intermediate one):
+ <div class="source">
+ <pre>keytool -import -alias root -keystore red5/conf/keystore.jks
-trustcacerts -file root.crt</pre>
+ </div> (note: you may receive a warning that the certificate already
exists in the system wide keystore - import anyway) </li>
+ <li>Import the intermediate certificate(s) you normally receive with the
certificate:
+ <div class="source">
+ <pre>keytool -import -alias intermed -keystore red5/conf/keystore.jks
-trustcacerts -file intermediate.crt</pre>
+ </div> </li>
+ <li>Import the certificate you received:
+ <div class="source">
+ <pre>keytool -import -alias red5 -keystore red5/conf/keystore.jks
-trustcacerts -file demo.openmeetings.de.crt</pre>
+ </div> </li>
+ <li>Please NOTE according to this <a class="externalLink"
href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html";>http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
guide you can split keystore and truststore (OPTIONAL you might just copy
keystore to truststore) </li>
+ <li>Create additional certificate as described above. Add this certificate
to the following keystores: <code>red5/conf/keystore.screen</code> and
<code>red5/conf/keystore.jks</code>. (This step is required to be able to use
screen-sharing web application, you can copy "main" keystore while testing)
</li>
+ </ol>
+ </section>
+ <section>
+ <h3 id="create-keystore-using-existing-key-pair">Create Keystore using
existing key-pair</h3>
+ <section>
+ <h4 id="prerequisites2">Prerequisites</h4>
+ <ul>
+ <li>Server key: red5.key</li>
+ <li>Signed CSR: red5.crt</li>
+ <li>CA's root certificate: root.crt</li>
+ <li>** Intermediate certificate(s): intermedXX.crt</li>
+ </ul>
+ </section>
+ <section>
+ <h4 id="steps1">Steps</h4>
+ <ol style="list-style-type: decimal">
+ <li> Export existing keys into PKCS12 format:<br> <br>
+ <div class="source">
+ <pre>openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12
-name red5 -certfile root.crt -certfile intermedXX.crt
+
+Enter Export Password: password
+Verifying - Enter Export Password: password
+</pre>
+ </div> </li>
+ <li>Import resulting red5.p12 into keystore:
+ <div class="source">
+ <pre>keytool -importkeystore -srcstorepass password -srckeystore
red5.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore
red5/conf/keystore.jks -alias red5
+</pre>
+ </div> </li>
+ <li>Import your chosen CA's root certificate into the keystore (may need
to download it from their site - make sure to get the root CA and not the
intermediate one):
+ <div class="source">
+ <pre>keytool -import -alias root -keystore red5/conf/keystore.jks
-trustcacerts -file root.crt</pre>
+ </div> (note: you may receive a warning that the certificate already
exists in the system wide keystore - import anyway) </li>
+ <li>Import the intermediate certificate(s) you normally receive with the
certificate:
+ <div class="source">
+ <pre>keytool -import -alias intermed -keystore red5/conf/keystore.jks
-trustcacerts -file intermedXX.crt</pre>
+ </div> </li>
+ <li>Please NOTE according to this <a class="externalLink"
href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html";>http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
guide you can split keystore and truststore (OPTIONAL you might just copy
keystore to truststore) </li>
+ <li>Create additional certificate as described above. Add this certificate
to the following keystores: <code>red5/conf/keystore.screen</code> and
<code>red5/conf/keystore.jks</code>. (This step is required to be able to use
screen-sharing web application, you can copy "main" keystore while testing)
</li>
+ </ol>
+ </section>
+ </section>
+</section>
+<section>
+ <h2 id="self-signed-certificate">Self-signed certificate</h2>
+ <section>
+ <h3 id="prerequisites3">Prerequisites</h3>
+ <ul>
+ <li>Create CA's root certificate: ca.crt</li>
+ <li>Create self-signed server certificate: red5.crt <code>Common Name (CN)
while creating certificate should be assign to FQDN of your site, for example -
vkc.company.com</code></li>
+ <li>Rename the existing keystore file <code>red5/conf/keystore.jmx</code>
to <code>red5/conf/keystore.bak</code></li>
+ <li>Rename the existing truststore file
<code>red5/conf/truststore.jmx</code> to
<code>red5/conf/truststore.bak</code></li>
+ </ul>
+ </section>
+ <section>
+ <h3 id="steps-for-om-server">Steps for OM server</h3>
+ <ol style="list-style-type: decimal">
+ <li>Export existing keys into PKCS12 format:
+ <div class="source">
+ <pre>cd _folder_with_certificates_
+openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5
-certfile ca.crt
+</pre>
+ </div> </li>
+ <li>Import resulting red5.p12 into keystore:
+ <div class="source">
+ <pre>keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
-srcstoretype PKCS12 -deststorepass changeit -destkeystore
/opt/red5/conf/keystore.jks -alias red5
+</pre>
+ </div> This command creates the keystore.jks with password changeit (may
be any password) </li>
+ <li>Import your CA's root certificate into the keystore:
+ <div class="source">
+ <pre>keytool -import -alias root -keystore /opt/red5/conf/keystore.jks
-keystorepass changeit -trustcacerts -file ca.crt
+</pre>
+ </div> </li>
+ <li>copy keystore to truststore
+ <div class="source">
+ <pre>cp /opt/red5/conf/keystore.jks /opt/red5/conf/truststore.jks
+</pre>
+ </div> </li>
+ <li>Change passwords in /opt/red5/conf/red5.properties
+ <div class="source">
+ <pre>rtmps.keystorepass=changeit
+rtmps.truststorepass=changeit
+jmx.keystorepass=changeit
+</pre>
+ </div> </li>
+ <li>Set up SSL according <a href="#SSL_for_the_web_interface" title="SSL
for the web interface">SSL for the web interface</a> section.</li>
+ <li>Set up RTMPS according <a href="#Tunneling_RTMPS" title="Tunneling
RTMPS">Tunneling RTMPS</a> or <a href="#Native_RTMPS" title="Native
RTMPS">Native RTMPS</a> sections.</li>
+ <li>Restart OM service or whole OM server. Now OM server is ready to accept
SSL-connections.</li>
+ </ol>
+ </section>
+ <section>
+ <h3 id="steps-for-client-machines">Steps for client machines</h3>
+ <p>Windows specific steps are marked with (**)</p>
+ <ol style="list-style-type: decimal">
+ <li>(**)Add the ca.crt certificate as trusted into the CA's list on all
windows PC at the system level (certmgr.msc applet)</li>
+ <li>Add the ca.crt certificate as trusted into Chrome/Firefox if it
used</li>
+ <li> Add the ca.crt certificate into ${JAVA_HOME}/lib/security/cacerts with
keytool utility on a PC that organizes screensharing <p> (**) <br> For example,
Java Version 8 Update 144 has been installed on Windows machine by default
location path.<br> Copy ca.crt to a folder : c:\ca.crt<br> Start command line
interface as administrator:<br> runas /user:AdminAccount cmd.exe<br> Enter
admin password<br> Enter to bin directory of java:<br> cd "c:\Program
Files\Java\jre1.8.0_144\bin"<br> Im [...]
+ </ol>
+ </section>
+</section>
+<section>
+ <h2 id="ssl-for-the-web-interface">SSL for the web interface</h2>
+ <p>Please perform following steps if you want to use SSL for the web
interface. This is mainly to secure the server against MITM attacks,
additionally some other features like file uploads also use a plain HTTP
connection if this is not done. The following instructions assume that you have
already set up RTMPS successfully. </p>
+ <ol style="list-style-type: decimal">
+ <li> Edit <code>red5/conf/jee-container.xml</code> file:<br> Comment
<code>Tomcat without SSL enabled</code> section<br> UNComment <code>Tomcat with
SSL enabled</code> section </li>
+ <li> Restart red5 and try to connect to <u>https://your.server:5443</u> -
you should be redirected to the OpenMeetings app and all access should be via
HTTPS and/or RTMPS (close port 5080 to be sure). </li>
+ </ol>
+</section>
+<section>
+ <h2 id="set-up-rtmps">Set up RTMPS</h2>
+ <section>
+ <h3 id="tunneling-rtmps">Tunneling RTMPS</h3>
+ <ol style="list-style-type: decimal">
+ <li>HTTPS need to be enabled otherwise tunneling will not work (it can be
set up using frontend nginx/apache as well)</li>
+ <li> In Administration->Configuration set<br> <br>
+ <div class="source">
+ <pre> flash.secure = true
+ flash.secure.proxy = none
+</pre>
+ </div> </li>
+ <li>Restart red5 and try to connect - your connection should now be made
via RTMPS (close port 1935 to be sure) </li>
+ </ol>
+ </section>
+ <section>
+ <h3 id="native-rtmps">Native RTMPS</h3>
+ <ol style="list-style-type: decimal">
+ <li> Default RTMPS port is 8443, you can change it by editing
<code>red5/conf/red5.properties</code> and change the port here:
<code>rtmps.port=8443</code><br> Please set
<code>rtmps.keystorepass=password</code> and
<code>rtmps.truststorepass=password</code> (password = password you set on your
new keystore(s))<br> Additionally you need to set
<code>rtmps.screen.keystorepass=screenpassword</code> (screenpassword =
password you set on your keystore for screen-sharing application) </li>
+ <li> Edit <code>red5/conf/red5-core.xml</code> file:<br> UNComment
<code>RTMPS</code> section </li>
+ <li> In Administration->Configuration set<br> <br>
+ <div class="source">
+ <pre> flash.secure = true
+ flash.secure.proxy = best
+</pre>
+ </div> </li>
+ <li>Restart red5 and try to connect - your connection should now be made
via RTMPS (close port 1935 to be sure) </li>
+ </ol>
+ </section>
+</section>
+<section>
+ <h2 id="setting-up-different-set-of-allowed-cithers">Setting up different set
of allowed cithers</h2>
+ <div>
+ In case you would like to specify different set of allowed cithers you need
to
+ <ol style="list-style-type: decimal">
+ <li>Open <code>conf/jee-container.xml</code> using your favorite text
editor</li>
+ <li>Go to <code>"Tomcat with SSL enabled" -> "tomcat.server" ->
"connectors" -> "httpsConnector" -> "connectionProperties"</code></li>
+ <li> Add following entry
+ <div class="source">
+ <pre><entry key="ciphers"
value="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES
[...]
+ </div> </li>
+ </ol> Please check
+ <a class="externalLink"
href="https://issues.apache.org/jira/browse/OPENMEETINGS-1969?focusedCommentId=16721099&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16721099";>this
JIRA issue</a> for more information
+ </div>
+</section>
+<section>
+ <h2 id="credits1">Credits</h2>
+ <p>Thanks to Nexus, Holger Rabbach and Yakovlev Nick for their help and
contribution to configuration and documentation! </p>
+</section> </main>
+ <div class="d-none d-sm-none d-md-none d-lg-none d-xl-block col-xl-2">
+ <div id="m-toc-sidebar" class="d-print-none m-toc-sidebar-enabled
m-toc-sidebar-expanded m-toc-sidebar-autoexpandable toc-sidebar-fixed">
+ <nav id="m-toc-sidebar-nav flex-column">
+ <ul class="m-nav--sidebar nav flex-column flex-nowrap">
+ <li class="h2">
+ <a class="nav-link" href="#using-openmeetings-with-rtmps-and-https"
title="Using OpenMeetings with RTMPS and HTTPS">Using OpenMeetings with RTMPS
and HTTPS</a>
+ </li>
+ <li class="h2">
+ <a class="nav-link" href="#real-certificate" title="'Real'
certificate">'Real' certificate</a>
+ </li>
+ <ul class="nav flex-column flex-nowrap nav-collapsible">
+ <li class="h3">
+ <a class="nav-link" href="#prerequisites1"
title="Prerequisites">Prerequisites</a>
+ </li>
+ <li class="h3">
+ <a class="nav-link" href="#create-keystore-from-the-scratch"
title="Create Keystore from the scratch">Create Keystore from the scratch</a>
+ </li>
+ <li class="h3">
+ <a class="nav-link" href="#create-keystore-using-existing-key-pair"
title="Create Keystore using existing key-pair">Create Keystore using existing
key-pair</a>
+ </li>
+ <ul class="nav flex-column flex-nowrap nav-collapsible">
+ <li class="h4">
+ <a class="nav-link" href="#prerequisites2"
title="Prerequisites">Prerequisites</a>
+ </li>
+ <li class="h4">
+ <a class="nav-link" href="#steps1" title="Steps">Steps</a>
+ </li>
+ </ul>
+ </ul>
+ <li class="h2">
+ <a class="nav-link" href="#self-signed-certificate" title="Self-signed
certificate">Self-signed certificate</a>
+ </li>
+ <ul class="nav flex-column flex-nowrap nav-collapsible">
+ <li class="h3">
+ <a class="nav-link" href="#prerequisites3"
title="Prerequisites">Prerequisites</a>
+ </li>
+ <li class="h3">
+ <a class="nav-link" href="#steps-for-om-server" title="Steps for OM
server">Steps for OM server</a>
+ </li>
+ <li class="h3">
+ <a class="nav-link" href="#steps-for-client-machines" title="Steps for
client machines">Steps for client machines</a>
+ </li>
+ </ul>
+ <li class="h2">
+ <a class="nav-link" href="#ssl-for-the-web-interface" title="SSL for
the web interface">SSL for the web interface</a>
+ </li>
+ <li class="h2">
+ <a class="nav-link" href="#set-up-rtmps" title="Set up RTMPS">Set up
RTMPS</a>
+ </li>
+ <ul class="nav flex-column flex-nowrap nav-collapsible">
+ <li class="h3">
+ <a class="nav-link" href="#tunneling-rtmps" title="Tunneling
RTMPS">Tunneling RTMPS</a>
+ </li>
+ <li class="h3">
+ <a class="nav-link" href="#native-rtmps" title="Native RTMPS">Native
RTMPS</a>
+ </li>
+ </ul>
+ <li class="h2">
+ <a class="nav-link"
href="#setting-up-different-set-of-allowed-cithers" title="Setting up different
set of allowed cithers">Setting up different set of allowed cithers</a>
+ </li>
+ <li class="h2">
+ <a class="nav-link" href="#credits1" title="Credits">Credits</a>
+ </li>
+ </ul>
+ </nav>
+ </div>
+ </div>
+ </div> <!-- row: end -->
+</div> <!-- .main-body: end -->
+ <div id="m_scrolltop" class="m-scrolltop">
+ <i class="fa fa-arrow-up"></i>
+ </div>
+ <!-- Footer -->
+<footer class="footer-light bg-light">
+ <div class="container">
+ <div class="row">
+ <div class="col bottom-nav">
+ <ul class="nav flex-column nav-list">
+ <li class="nav-header">
+General
+ </li>
+ <li class="nav-item "><a href="index.html" title="Home"
class="nav-link" >Home</a></li>
+ <li class="nav-item "><a
href="https://www.apache.org/licenses/"; title="License" class="externalLink
nav-link" >License</a></li>
+ <li class="nav-item "><a href="https://www.apache.org/";
title="ASF" class="externalLink nav-link" >ASF</a></li>
+ <li class="nav-item "><a
href="https://www.apache.org/foundation/sponsorship"; title="Sponsorship"
class="externalLink nav-link" >Sponsorship</a></li>
+ <li class="nav-item "><a
href="https://www.apache.org/foundation/thanks"; title="Thanks"
class="externalLink nav-link" >Thanks</a></li>
+ <li class="nav-item "><a href="CallForLogo.html"
title="Call For Logo" class="nav-link" >Call For Logo</a></li>
+ <li class="nav-item "><a href="NewsArchive.html"
title="News archive" class="nav-link" >News archive</a></li>
+ <li class="nav-item "><a href="security.html"
title="Security" class="nav-link" >Security</a></li>
+ <li class="nav-item "><a href="commercial-support.html"
title="Commercial Support" class="nav-link" >Commercial Support</a></li>
+ </ul>
+ </div>
+ <div class="col bottom-nav">
+ <ul class="nav flex-column nav-list">
+ <li class="nav-header">
+Installation
+ </li>
+ <li class="nav-item "><a href="installation.html"
title="Installation" class="nav-link" >Installation</a></li>
+ <li class="nav-item "><a href="Upgrade.html"
title="Upgrade" class="nav-link" >Upgrade</a></li>
+ <li class="nav-item "><a
href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools";
title="Tutorials" class="externalLink nav-link" >Tutorials</a></li>
+ <li class="nav-item "><a href="CommandLineAdmin.html"
title="Command Line Admin" class="nav-link" >Command Line Admin</a></li>
+ </ul>
+ </div>
+ <div class="col bottom-nav">
+ <ul class="nav flex-column nav-list">
+ <li class="nav-header">
+Community
+ </li>
+ <li class="nav-item "><a href="get-involved.html"
title="Get Involved" class="nav-link" >Get Involved</a></li>
+ <li class="nav-item "><a href="team.html"
title="Committers" class="nav-link" >Committers</a></li>
+ <li class="nav-item "><a href="OurUsers.html" title="Our
Users" class="nav-link" >Our Users</a></li>
+ <li class="nav-item "><a href="mailing-lists.html"
title="Mailing Lists" class="nav-link" >Mailing Lists</a></li>
+ <li class="nav-item "><a
href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/"; title="Wiki"
class="externalLink nav-link" >Wiki</a></li>
+ </ul>
+ </div>
+ <div class="col bottom-nav">
+ <ul class="nav flex-column nav-list">
+ <li class="nav-header">
+Development
+ </li>
+ <li class="nav-item "><a href="scm.html" title="Source
Code" class="nav-link" >Source Code</a></li>
+ <li class="nav-item "><a href="issue-management.html"
title="Bugs / Issues" class="nav-link" >Bugs / Issues</a></li>
+ <li class="nav-item "><a href="dependencies.html"
title="Dependencies" class="nav-link" >Dependencies</a></li>
+ <li class="nav-item "><a href="integration.html"
title="Continuous Integration" class="nav-link" >Continuous
Integration</a></li>
+ <li class="nav-item "><a href="BuildInstructions.html"
title="Build Instructions" class="nav-link" >Build Instructions</a></li>
+ <li class="nav-item "><a href="JUnitTesting.html"
title="JUnit Testing" class="nav-link" >JUnit Testing</a></li>
+ <li class="nav-item "><a href="ManualTesting.html"
title="Manual Testing" class="nav-link" >Manual Testing</a></li>
+ <li class="nav-item "><a href="ReleaseGuide.html"
title="Release Guide" class="nav-link" >Release Guide</a></li>
+ <li class="nav-item "><a href="WebsiteGuide.html"
title="Website Guide" class="nav-link" >Website Guide</a></li>
+ </ul>
+ </div>
+ </div> <!-- END: .row -->
+ </div> <!-- END: .container -->
+</footer>
+ <div class="container subfooter text-center">
+ <div class="row">
+ <div class="col-md-12">
+ <p class="copyright">Copyright ©2012-2020
+ <a href="https://apache.org";>Apache Software Foundation</a>
+. All Rights Reserved.</p>
+ </div>
+ </div>
+ </div>
+
+ <!-- Le javascript
+ ================================================== -->
+ <!-- Placed at the end of the document so the pages load faster -->
+ <script src="./js/jquery.min.js" crossorigin="anonymous"></script>
+ <script src="./js/popper.min.js" crossorigin="anonymous"></script>
+ <script src="./js/bootstrap.min.js" crossorigin="anonymous"></script>
+
+ <script src="./js/lightbox.min.js" crossorigin="anonymous"></script>
+ <script src="./js/highlight.min.js"
crossorigin="anonymous"></script>
+
+<script src="./js/site.js" type="text/javascript"></script>
+<script src="./js/jquery-ui.min.js" type="text/javascript"></script>
+<script src="./js/netcalc.js" type="text/javascript"></script>
+<p class="text-center">Apache OpenMeetings, OpenMeetings, Apache, the Apache
feather, and the Apache OpenMeetings project logo</p>
+<p class="text-center">are trademarks of the Apache Software Foundation.</p>
<script src="./js/reflow-skin.js" crossorigin="anonymous"></script>
+ <script src="./js/anchor.min.js" crossorigin="anonymous"></script>
+ </body>
+</html>
![https://apache.org/img/asf_logo.png"](https://apache.org/img/asf_logo.png"){kind=link}