Stephen, I really appreciate the input. This is meant to be a production server, and I completely agree with you that it, and any sites that are published to the public WAN that require a logon, should be secure. So, I guess I'll have to consider buying a cert (already have some for other of our sites, so it's easy to get).
Again, thanks.

Dimitri

On Thursday 25 October 2012 11:25:50 am Stephen Cottham wrote:
> Just copy the first cert with a different name
>
> cp keystore keystore.screen
>
> and then you're good to go.
>
> If you don't want your end users to have to mess around with SSL certs
> then you will probably have to purchase a legitimate one - as painful as
> it is the security around SSL is there to protect SSL sites.
>
> If you are not authenticating against LDAP and happy for your local
> password to be sent in clear-txt when logging into the Openmeetings
> service then don't worry about SSL, personally, IMO any sites that are
> published to the public WAN that requires a log on should be secure.
>
> Is this just a test server or a service you are supplying to "customers"?
>
>
> -----Original Message-----
> From: Dimitri Yioulos [mailto:[email protected]]
> Sent: 25 October 2012 16:14
> To: [email protected]
> Subject: Re: Struggling with SSL
>
> Hmmm. If that's the case, then to heck with it. If users have to do
> that, it'll be a huge pita. I can't imagine asking e.g. my grandmother
> to do it :-0 .
>
> > The second part of the command is for the screen sharing component to
> > work, it requires its only SSL certificate -> this one is called
> > keystore.screen
>
> Trying to create this second part doesn't work, as I mentioned. I get
> the following error:
>
> keytool error: java.lang.Exception: Key pair not generated, alias <Red5> already exists
>
> Dimitri
>
> On Thursday 25 October 2012 11:02:00 am Stephen Cottham wrote:
> > Hi Dimitri,
> >
> > Unfortunately you won't be able to get your end users to use SSL
> > without them importing the root certificate, the reason RTMPS doesn't
> > connect is because as far as the browser is concerned this is an
> > invalid certificate, HTTPS will work fine just by simply accepting the
> > certificate via the browser, RTMPS will not work for you unless you
> > have a "real" SSL cert with a trusted worldwide root certificate.
> > (It's a security issue.. by adding your root cert in you're telling your
> > browser that you trust it regardless of its contents...)
> >
> > Maybe just do the steps I sent to you earlier to make sure that this
> > is your only issue first?
> >
> > The second part of the command is for the screen sharing component to
> > work, it requires its only SSL certificate -> this one is called
> > keystore.screen
> >
> > Best Regards
> >
> >
> > Stephen Cottham
> > Group IT Manager (Associate)
> >
> > Robert Bird Group
> > Level 5, 333 Ann St
> > Brisbane, Queensland, 4000, Australia
> > Phone: +6173 319 2777 (AUS)
> > Phone: +44207 592 8000 (UK)
> > Fax: +6173 319 2799
> >
> > Mobile: +61400 756 963 (AUS)
> > Mobile: +447900 918 616 (UK)
> > Web: www.robertbird.com
> >
> >
> > This email and any attachments are confidential and may contain
> > legally privileged information or copyright material. Unless expressly
> > stated, confidentiality and/or legal privilege is not intended to be
> > waived by the sending of this email. The contents of this email,
> > including any attachments, are intended solely for the use of the
> > individual or entity to whom they are addressed. If you are not an
> > intended recipient, please contact us immediately by return email and
> > then delete both messages. You may not otherwise read, forward, copy,
> > use or disclose this email or any attachments. Any views expressed in
> > this email are those of the individual sender except where the sender
> > expressly, and with authority, states otherwise. It is your
> > responsibility to check any attachments for viruses or defects before
> > opening or sending them on. None of the sender or its related entities
> > accepts any liability for any consequential damage resulting from this
> > email containing computer viruses.
> >
> > Disclaimer added by CodeTwo Exchange Rules http://www.codetwo.com
> >
> > -----Original Message-----
> > From: Dimitri Yioulos [mailto:[email protected]]
> > Sent: 25 October 2012 15:54
> > To: [email protected]
> > Subject: Re: Struggling with SSL
> >
> > Stephen,
> >
> > Thanks for that, but I really don't care about importing the cert into
> > my Windows client, and don't want my end users to do that, either.
> > Once I accept the cert via my browser, I should be good-to-go.
> >
> > Going back to an earlier post of yours, I did this part just fine:
> >
> > keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore red5/conf/keystore -storepass "mypassword" -validity 15000
> >
> > However, this part failed with "keytool error: java.lang.Exception:
> > Key pair not generated, alias <Red5> already exists":
> >
> > keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore red5/conf/keystore.screen -storepass "mypassword" -validity 15000
> >
> > Is the second part necessary?
> >
> > I'm still the Error Missing stuff.
> >
> > Dimitri
> >
> > On Thursday 25 October 2012 10:15:25 am Stephen Cottham wrote:
> > > Example like here:
> > >
> > > http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx
> > >
> > > This is for a webmail site but the principle is exactly the same
> > > for any SSL site you want to import the cert from.
> > >
> > > (Oh I'm assuming you are using a Windows client?)
> > >
> > >
> > > -----Original Message-----
> > > From: Stephen Cottham [mailto:[email protected]]
> > > Sent: 25 October 2012 15:13
> > > To: [email protected]
> > > Subject: RE: Struggling with SSL
> > >
> > > Looks fine, I'd just import the cert as a trusted root certificate
> > > and test it again.
> > >
> > >
> > > -----Original Message-----
> > > From: Dimitri Yioulos [mailto:[email protected]]
> > > Sent: 25 October 2012 15:08
> > > To: [email protected]
> > > Subject: Re: Struggling with SSL
> > >
> > > Stephen,
> > >
> > > Here's the command I used to create the self-signed cert:
> > >
> > > keytool -genkey -keyalg RSA -alias Red5 -keystore /usr/local/openmeetings/conf/keystore -storepass password -validity 3650 -keysize 2048
> > >
> > > Dimitri
> > >
> > > On Thursday 25 October 2012 9:38:33 am Stephen Cottham wrote:
> > > > Are you using a self-signed certificate?
> > > >
> > > > -----Original Message-----
> > > > From: Dimitri Yioulos [mailto:[email protected]]
> > > > Sent: 25 October 2012 14:18
> > > > To: [email protected]
> > > > Subject: Struggling with SSL
> > > >
> > > > Greetz, all.
> > > >
> > > > Over the past couple of days, I've tried to make openmeetings over
> > > > ssl work using the directions found on the Web, but have failed. I
> > > > don't see any obvious errors when starting red5, but get the
> > > > dreaded "Error Missing [204] --> Error Missing [556] --> Error
> > > > Missing [642]" when I go to https://myserver.
> > > > Help would be much appreciated.
> > > >
> > > > Dimitri
> > > >
> > > > --
> > > > This message has been scanned for viruses and dangerous content by
> > > > MailScanner, and is believed to be clean.
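
Added example (not part of the original thread): the "alias already exists" error quoted above is what keytool reports when asked to generate a key pair under an alias the target keystore already holds. The script below checks for the alias first, creates keystore.screen by copying the main keystore as Stephen suggests, and reports whether the certificate is self-signed. It assumes the JDK's keytool is on PATH with English output; the directory, password and DN arguments are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the JDK's keytool is on PATH and
# prints English output. Paths, password and DN arguments are placeholders.

# has_alias KEYSTORE ALIAS STOREPASS -> exit 0 if the alias is already present
has_alias() {
    [ -f "$1" ] && keytool -list -keystore "$1" -alias "$2" -storepass "$3" >/dev/null 2>&1
}

# ensure_keypair KEYSTORE ALIAS STOREPASS DNAME -> prints "exists" or "created"
ensure_keypair() {
    if has_alias "$1" "$2" "$3"; then
        echo exists
        return 0
    fi
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 3650 \
        -alias "$2" -keystore "$1" -storepass "$3" -keypass "$3" \
        -dname "$4" >/dev/null 2>&1 || return 1
    echo created
}

# fingerprint KEYSTORE ALIAS STOREPASS -> prints the certificate fingerprint
fingerprint() {
    keytool -list -keystore "$1" -alias "$2" -storepass "$3" 2>/dev/null |
        sed -n 's/^Certificate fingerprint ([^)]*): //p'
}

# is_self_signed KEYSTORE ALIAS STOREPASS -> exit 0 if Owner equals Issuer
is_self_signed() {
    out=$(keytool -list -v -keystore "$1" -alias "$2" -storepass "$3" 2>/dev/null) || return 2
    owner=$(printf '%s\n' "$out" | sed -n 's/^Owner: //p' | head -n 1)
    issuer=$(printf '%s\n' "$out" | sed -n 's/^Issuer: //p' | head -n 1)
    [ -n "$owner" ] && [ "$owner" = "$issuer" ]
}

# provision CONF_DIR STOREPASS DNAME: main keystore plus the screen-sharing copy
provision() {
    ensure_keypair "$1/keystore" red5 "$2" "$3" || return 1
    cp "$1/keystore" "$1/keystore.screen" || return 1
    [ "$(fingerprint "$1/keystore" red5 "$2")" = \
      "$(fingerprint "$1/keystore.screen" red5 "$2")" ] || return 1
    if is_self_signed "$1/keystore" red5 "$2"; then
        echo "self-signed: clients must trust it explicitly"
    fi
}
```

A password given with -storepass is visible to other local users in the process list; keytool prompts for it when the option is omitted.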
