This is an automated email from the ASF dual-hosted git repository. solomax pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/openmeetings-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 5ed0234 no jira: HTTPS 4.0.x config is added
5ed0234 is described below
commit 5ed0234160df3edca57c23f67115ffa223f407ed
Author: Maxim Solodovnik <solomax...@gmail.com>
AuthorDate: Mon Oct 26 13:47:28 2020 +0700
no jira: HTTPS 4.0.x config is added
---
RTMPSAndHTTPS.html | 606 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 606 insertions(+)
diff --git a/RTMPSAndHTTPS.html b/RTMPSAndHTTPS.html
new file mode 100644
index 0000000..1a0fb96
--- /dev/null
+++ b/RTMPSAndHTTPS.html
@@ -0,0 +1,606 @@ + + + + <!doctype html> +<!-- + Generated by Apache Maven Doxia at 2020-08-22 Rendered using Reflow Maven Skin 2.3.0 (http://devacfr.github.io/reflow-maven-skin) +--> +<html xml:lang="en" lang="en"> + <head> + <meta charset="UTF-8" /> + <title>Apache OpenMeetings Project – Using OpenMeetings with RTMPS and HTTPS</title> + <meta name="viewport" content="width=device-width, initial-scale=1.0" /> + <meta name="description" content="" /> + <meta name="author" content="Apache OpenMeetings Team" /> + <meta http-equiv="content-language" content="en" /> + <link href="./css/themes/cerulean/bootstrap.min.css" rel="stylesheet" /> + <link href="./css/fontawesome/all.min.css" rel="stylesheet" /> + <link href="./css/reflow-skin.css" rel="stylesheet" /> + + <link rel="stylesheet" href="./js/styles/github.min.css" /> + + <link href="./css/lightbox.css" rel="stylesheet" /> + <link href="./css/site.css" rel="stylesheet" /> + <link href="./css/print.css" rel="stylesheet" media="print" /> +<link rel="stylesheet" href="./css/site.css"/> + </head> <!-- end : head --> +<body class="page-rtmpsandhttps project-openmeetings-server anchorjs-enabled scrolltop-smooth-enabled m-toc-sidebar-enabled m-toc-sidebar-expanded m-toc-sidebar-autoexpandable toc-sidebar-fixed"> + <nav id="m-top-navbar" class="navbar navbar-expand-lg fixed-top navbar-light bg-light navbar-dark bg-primary"> +<div class="container"> <a class="navbar-brand mb-0 h1" href="index.html"> + <span class="color-highlight">Apache</span> OpenMeetings + </a> + <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#top-navbar-collapse-1" aria-controls="top-navbar-collapse-1" aria-expanded="false" aria-label="Toggle navigation"> + <span class="navbar-toggler-icon"></span> + </button> + <div class="collapse navbar-collapse" id="top-navbar-collapse-1"> + <ul class="nav navbar-nav ml-auto"> + <li class="nav-item " ><a href="demo.html" title="Demo" class="nav-link" >Demo</a></li> + <li 
class="nav-item " ><a href="downloads.html" title="Download" class="nav-link" >Download</a></li> + <li class="nav-item " ><a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS" title="Wiki" class="externalLink nav-link" >Wiki</a></li> + <li class="nav-item dropdown"> + <a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">General <b class="caret"></b></a> + <div class="dropdown-menu"> + <a href="index.html" title="Home" class="dropdown-item ">Home</a> + <a href="https://www.apache.org/licenses/" title="License" class="dropdown-item ">License</a> + <a href="https://www.apache.org/" title="ASF" class="dropdown-item ">ASF</a> + <a href="https://www.apache.org/foundation/sponsorship" title="Sponsorship" class="dropdown-item ">Sponsorship</a> + <a href="https://www.apache.org/foundation/thanks" title="Thanks" class="dropdown-item ">Thanks</a> + <a href="CallForLogo.html" title="Call For Logo" class="dropdown-item ">Call For Logo</a> + <a href="NewsArchive.html" title="News archive" class="dropdown-item ">News archive</a> + <a href="security.html" title="Security" class="dropdown-item ">Security</a> + <a href="commercial-support.html" title="Commercial Support" class="dropdown-item ">Commercial Support</a> + </div> + </li> + <li class="nav-item dropdown"> + <a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Installation <b class="caret"></b></a> + <div class="dropdown-menu"> + <a href="installation.html" title="Installation" class="dropdown-item ">Installation</a> + <a href="Upgrade.html" title="Upgrade" class="dropdown-item ">Upgrade</a> + <a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools" title="Tutorials" class="dropdown-item ">Tutorials</a> + <a href="CommandLineAdmin.html" title="Command Line Admin" class="dropdown-item ">Command Line Admin</a> + </div> + </li> + <li 
class="nav-item dropdown"> + <a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Community <b class="caret"></b></a> + <div class="dropdown-menu"> + <a href="get-involved.html" title="Get Involved" class="dropdown-item ">Get Involved</a> + <a href="team.html" title="Committers" class="dropdown-item ">Committers</a> + <a href="OurUsers.html" title="Our Users" class="dropdown-item ">Our Users</a> + <a href="mailing-lists.html" title="Mailing Lists" class="dropdown-item ">Mailing Lists</a> + <a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/" title="Wiki" class="dropdown-item ">Wiki</a> + </div> + </li> + <li class="nav-item dropdown active"> + <a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Configuration <b class="caret"></b></a> + <div class="dropdown-menu"> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#integration" title="Integration" class="dropdown-item" >Integration</a> <div class="dropdown-menu"> + <a href="openmeetings-webservice/apidocs/index.html" title="SOAP/REST API" target="_blank" class="dropdown-item ">SOAP/REST API</a> + <a href="RestAPISample.html" title="REST API Sample" class="dropdown-item ">REST API Sample</a> + <a href="LdapAndADS.html" title="Ldap and ADS" class="dropdown-item ">Ldap and ADS</a> + <a href="oauth2.html" title="OAuth2" class="dropdown-item ">OAuth2</a> + <a href="voip-sip-integration.html" title="VoIP and SIP" class="dropdown-item ">VoIP and SIP</a> + <a href="errorvalues.html" title="Errors table" class="dropdown-item ">Errors table</a> + <a href="CalDAVandGCal.html" title="CalDAV and Google Calendar integration" class="dropdown-item ">CalDAV and Google Calendar integration</a> + <a href="ExternalVideo.html" title="External Video/Camera" class="dropdown-item ">External Video/Camera</a> + </div> + </div> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#plugins" 
title="Plugins" class="dropdown-item" >Plugins</a> <div class="dropdown-menu"> + <a href="MoodlePlugin.html" title="Moodle Plugin" class="dropdown-item ">Moodle Plugin</a> + <a href="SakaiPlugin.html" title="Sakai Plugin" class="dropdown-item ">Sakai Plugin</a> + <a href="JiraPlugin.html" title="Jira Plugin" class="dropdown-item ">Jira Plugin</a> + <a href="JoomlaPlugin.html" title="Joomla Plugin" class="dropdown-item ">Joomla Plugin</a> + <a href="DrupalPlugin.html" title="Drupal Plugin" class="dropdown-item ">Drupal Plugin</a> + <a href="BitrixPlugin.html" title="Bitrix Plugin" class="dropdown-item ">Bitrix Plugin</a> + <a href="ConfluencePlugin.html" title="Confluence Plugin" class="dropdown-item ">Confluence Plugin</a> + <a href="SugarCRMPlugin.html" title="SugarCRM Plugin" class="dropdown-item ">SugarCRM Plugin</a> + <a href="RedminePlugin.html" title="Redmine Plugin" class="dropdown-item ">Redmine Plugin</a> + </div> + </div> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#db" title="DB Sample Configurations" class="dropdown-item" >DB Sample Configurations</a> <div class="dropdown-menu"> + <a href="ApacheDerbyConfig.html" title="Apache Derby" class="dropdown-item ">Apache Derby</a> + <a href="IBMDB2Config.html" title="IBM DB2" class="dropdown-item ">IBM DB2</a> + <a href="OracleConfig.html" title="Oracle" class="dropdown-item ">Oracle</a> + <a href="MySQLConfig.html" title="MySQL" class="dropdown-item ">MySQL</a> + <a href="PostgresConfig.html" title="Postgres" class="dropdown-item ">Postgres</a> + <a href="MSSQLConfig.html" title="MSSQL" class="dropdown-item ">MSSQL</a> + </div> + </div> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#localization" title="Localization and languages" class="dropdown-item" >Localization and languages</a> <div class="dropdown-menu"> + <a href="Internationalisation.html" title="Internationalisation" class="dropdown-item ">Internationalisation</a> + <a href="LanguageEditor.html" 
title="LanguageEditor" class="dropdown-item ">LanguageEditor</a> + <a href="TimeZoneHandling.html" title="TimeZoneHandling" class="dropdown-item ">TimeZoneHandling</a> + <a href="EditTemplates.html" title="EditTemplates" class="dropdown-item ">EditTemplates</a> + </div> + </div> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#port" title="NAT Port Settings" class="dropdown-item" >NAT Port Settings</a> <div class="dropdown-menu"> + <a href="PortSettings.html" title="Port settings" class="dropdown-item ">Port settings</a> + </div> + </div> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#performance" title="Performance" class="dropdown-item" >Performance</a> <div class="dropdown-menu"> + <a href="JVMPerformanceTuning.html" title="JVM performance tuning" class="dropdown-item ">JVM performance tuning</a> + <a href="NetworkCalculator.html" title="Network bandwidth calculator" class="dropdown-item ">Network bandwidth calculator</a> + </div> + </div> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#interface" title="User Interface" class="dropdown-item" >User Interface</a> <div class="dropdown-menu"> + <a href="themes-and-branding.html" title="Themes" class="dropdown-item ">Themes</a> + <a href="Dashboard.html" title="Dashboard" class="dropdown-item ">Dashboard</a> + <a href="WebcamResolutions.html" title="Webcam resolutions" class="dropdown-item ">Webcam resolutions</a> + <a href="ConferenceRoomLayoutOptions.html" title="Room layout options" class="dropdown-item ">Room layout options</a> + <a href="HotKeys.html" title="Hot Keys" class="dropdown-item ">Hot Keys</a> + </div> + </div> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#customize" title="Customization" class="dropdown-item" >Customization</a> <div class="dropdown-menu"> + <a href="WebappNamePath.html" title="Webapp name/path" class="dropdown-item ">Webapp name/path</a> + <a href="Navigation.html" title="Navigation" class="dropdown-item ">Navigation</a> + 
<a href="CalendarAndTimezone.html" title="Calendar and timezone" class="dropdown-item ">Calendar and timezone</a> + <a href="CustomRoomTypeHowTo.html" title="Custom room type" class="dropdown-item ">Custom room type</a> + <a href="CustomCryptMechanism.html" title="Custom crypt mechanism" class="dropdown-item ">Custom crypt mechanism</a> + <a href="GeneralConfiguration.html" title="General Configuration" class="dropdown-item ">General Configuration</a> + <a href="PrivacyStatement.html" title="Privacy Statement" class="dropdown-item ">Privacy Statement</a> + </div> + </div> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#security" title="Security" class="dropdown-item active" >Security</a> <div class="dropdown-menu"> + <a href="RestrictedAccess.html" title="Restricted Access" class="dropdown-item ">Restricted Access</a> + <a href="" title="RTMPS and HTTPS" class="dropdown-item active">RTMPS and HTTPS</a> + </div> + </div> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#convert" title="Converters" class="dropdown-item" >Converters</a> <div class="dropdown-menu"> + <a href="OpenOfficeConverter.html" title="OpenOffice Converter" class="dropdown-item ">OpenOffice Converter</a> + </div> + </div> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#cluster" title="Clustering" class="dropdown-item" >Clustering</a> <div class="dropdown-menu"> + <a href="Clustering.html" title="Clustering" class="dropdown-item ">Clustering</a> + </div> + </div> + <div class="dropdown-submenu"> + <a href="RTMPSAndHTTPS.html#misc" title="Misc" class="dropdown-item" >Misc</a> <div class="dropdown-menu"> + <a href="GetVersionInfo.html" title="Get version info" class="dropdown-item ">Get version info</a> + </div> + </div> + </div> + </li> + <li class="nav-item dropdown"> + <a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Development <b class="caret"></b></a> + <div class="dropdown-menu"> + <a 
href="scm.html" title="Source Code" class="dropdown-item ">Source Code</a> + <a href="issue-management.html" title="Bugs / Issues" class="dropdown-item ">Bugs / Issues</a> + <a href="dependencies.html" title="Dependencies" class="dropdown-item ">Dependencies</a> + <a href="integration.html" title="Continuous Integration" class="dropdown-item ">Continuous Integration</a> + <a href="BuildInstructions.html" title="Build Instructions" class="dropdown-item ">Build Instructions</a> + <a href="JUnitTesting.html" title="JUnit Testing" class="dropdown-item ">JUnit Testing</a> + <a href="ManualTesting.html" title="Manual Testing" class="dropdown-item ">Manual Testing</a> + <a href="ReleaseGuide.html" title="Release Guide" class="dropdown-item ">Release Guide</a> + <a href="WebsiteGuide.html" title="Website Guide" class="dropdown-item ">Website Guide</a> + </div> + </li> + </ul><!--/ul.navbar-nav --> + </div><!--/.nav-collapse --> +</div> <!--/.container --> </nav> <!--/.navbar --> + <div class="main-body"> + <div class="header " role="main"> + <div class="container container-fluid"> + <div class="jumbotron header--jumbotron "> + <div id="banner" class="row header--banner"> + <div class="col-md-12"> + <div class="float-left header--banner--left bannerLeft"> + <a href="index.html"> + <img class="float-left m-2 img-fluid" src="images/logo.png" /> + <h1>Apache OpenMeetings</h1> + </a> + </div> + <div class="float-right header--banner--right bannerRight"> + <a href="https://apache.org"> + <img class="float-left m-2 img-fluid" src="https://apache.org/img/asf_logo.png" /> + <h1>Apache</h1> + </a> + </div> + </div> + </div> + </div> + </div> + </div> <!-- end : header --> + <div class="row mt-5"> + <div class="d-xs-none d-sm-none d-md-none d-lg-block col-lg-2"> + </div> + <main class="col-xs-12 col-sm-12 col-md-12 col-lg-12 col-xl-8" role="main"> + <nav aria-label="breadcrumb"> + <ol class="breadcrumb"> + <li class="publishDate version-date"> Last Published: 2020-08-22</li> + </ol> 
+ </nav> + <section> + <div class="page-header"> + <h2 id="using-openmeetings-with-rtmps-and-https">Using OpenMeetings with RTMPS and HTTPS</h2> + </div> + <p>There are 3 ways the client communicates with the server: </p> + <ul> + <li>The flash-client uses RTMP protocol to transfer Audio/Video and to send and receive the user data (login et cetera) to the server and back </li> + <li>The browser uses HTTP protocol to load the SWF and to upload and download the files (documents, pdfs, images) to the server and back. </li> + <li>The screensharing client uses RTMP protocol to transfer screen data and remote control to the server and back </li> + </ul> +</section> +<section> + <h2 id="real-certificate">'Real' certificate</h2> + <section> + <h3 id="prerequisites1">Prerequisites</h3> + <ul> + <li>You need OpenMeetings 1.9.x or later for this, OpenMeetings 1.8.x does not have those options.</li> + <li>Install OpenMeetings according to the install instructions and check that it runs without problems</li> + <li>Rename the existing keystore file <code>red5/conf/keystore.jmx</code> to <code>red5/conf/keystore.bak</code></li> + <li>Rename the existing truststore file <code>red5/conf/truststore.jmx</code> to <code>red5/conf/truststore.bak</code></li> + </ul> + </section> + <section> + <h3 id="create-keystore-from-the-scratch">Create Keystore from the scratch</h3> + <ol style="list-style-type: decimal"> + <li> Create a new keystore and key, use the same password for both:<br> <br> + <div class="source"> + <pre>keytool -keysize 2048 -genkey -alias red5 -keyalg RSA -keystore red5/conf/keystore.jks +Enter keystore password: +Re-enter new password: +What is your first and last name? +[Unknown]: <your hostname, e.g demo.openmeetings.de> +What is the name of your organizational unit? +[Unknown]: Dev +What is the name of your organization? +[Unknown]: OpenMeetings +What is the name of your City or Locality? +[Unknown]: Henderson +What is the name of your State or Province? 
+[Unknown]: Nevada +What is the two-letter country code for this unit? +[Unknown]: US +Is CN=demo.openmeetings.de, OU=Dev, O=OpenMeetings, L=Henderson, ST=Nevada, C=US correct? +[no]: yes +Enter key password for <red5> +</pre> + </div> </li> + <li>Generate a CSR: + <div class="source"> + <pre>keytool -certreq -keyalg RSA -alias red5 -file red5.csr -keystore red5/conf/keystore.jks</pre> + </div> </li> + <li>Submit CSR to your CA of choice and receive a signed certificate </li> + <li>Import your chosen CA's root certificate into the keystore (may need to download it from their site - make sure to get the root CA and not the intermediate one): + <div class="source"> + <pre>keytool -import -alias root -keystore red5/conf/keystore.jks -trustcacerts -file root.crt</pre> + </div> (note: you may receive a warning that the certificate already exists in the system wide keystore - import anyway) </li> + <li>Import the intermediate certificate(s) you normally receive with the certificate: + <div class="source"> + <pre>keytool -import -alias intermed -keystore red5/conf/keystore.jks -trustcacerts -file intermediate.crt</pre> + </div> </li> + <li>Import the certificate you received: + <div class="source"> + <pre>keytool -import -alias red5 -keystore red5/conf/keystore.jks -trustcacerts -file demo.openmeetings.de.crt</pre> + </div> </li> + <li>Please NOTE according to this <a class="externalLink" href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a> guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore) </li> + <li>Create additional certificate as described above. Add this certificate to the following keystores: <code>red5/conf/keystore.screen</code> and <code>red5/conf/keystore.jks</code>. 
(This step is required to be able to use screen-sharing web application, you can copy "main" keystore while testing) </li> + </ol> + </section> + <section> + <h3 id="create-keystore-using-existing-key-pair">Create Keystore using existing key-pair</h3> + <section> + <h4 id="prerequisites2">Prerequisites</h4> + <ul> + <li>Server key: red5.key</li> + <li>Signed CSR: red5.crt</li> + <li>CA's root certificate: root.crt</li> + <li>** Intermediate certificate(s): intermedXX.crt</li> + </ul> + </section> + <section> + <h4 id="steps1">Steps</h4> + <ol style="list-style-type: decimal"> + <li> Export existing keys into PKCS12 format:<br> <br> + <div class="source"> + <pre>openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile root.crt -certfile intermedXX.crt + +Enter Export Password: password +Verifying - Enter Export Password: password +</pre> + </div> </li> + <li>Import resulting red5.p12 into keystore: + <div class="source"> + <pre>keytool -importkeystore -srcstorepass password -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore red5/conf/keystore.jks -alias red5 +</pre> + </div> </li> + <li>Import your chosen CA's root certificate into the keystore (may need to download it from their site - make sure to get the root CA and not the intermediate one): + <div class="source"> + <pre>keytool -import -alias root -keystore red5/conf/keystore.jks -trustcacerts -file root.crt</pre> + </div> (note: you may receive a warning that the certificate already exists in the system wide keystore - import anyway) </li> + <li>Import the intermediate certificate(s) you normally receive with the certificate: + <div class="source"> + <pre>keytool -import -alias intermed -keystore red5/conf/keystore.jks -trustcacerts -file intermedXX.crt</pre> + </div> </li> + <li>Please NOTE according to this <a class="externalLink" 
href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a> guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore) </li> + <li>Create additional certificate as described above. Add this certificate to the following keystores: <code>red5/conf/keystore.screen</code> and <code>red5/conf/keystore.jks</code>. (This step is required to be able to use screen-sharing web application, you can copy "main" keystore while testing) </li> + </ol> + </section> + </section> +</section> +<section> + <h2 id="self-signed-certificate">Self-signed certificate</h2> + <section> + <h3 id="prerequisites3">Prerequisites</h3> + <ul> + <li>Create CA's root certificate: ca.crt</li> + <li>Create self-signed server certificate: red5.crt <code>Common Name (CN) while creating certificate should be assign to FQDN of your site, for example - vkc.company.com</code></li> + <li>Rename the existing keystore file <code>red5/conf/keystore.jmx</code> to <code>red5/conf/keystore.bak</code></li> + <li>Rename the existing truststore file <code>red5/conf/truststore.jmx</code> to <code>red5/conf/truststore.bak</code></li> + </ul> + </section> + <section> + <h3 id="steps-for-om-server">Steps for OM server</h3> + <ol style="list-style-type: decimal"> + <li>Export existing keys into PKCS12 format: + <div class="source"> + <pre>cd _folder_with_certificates_ +openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile ca.crt +</pre> + </div> </li> + <li>Import resulting red5.p12 into keystore: + <div class="source"> + <pre>keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore /opt/red5/conf/keystore.jks -alias red5 +</pre> + </div> This command creates the keystore.jks with password changeit (may be any password) </li> + 
<li>Import your CA's root certificate into the keystore: + <div class="source"> + <pre>keytool -import -alias root -keystore /opt/red5/conf/keystore.jks -keystorepass changeit -trustcacerts -file ca.crt +</pre> + </div> </li> + <li>copy keystore to truststore + <div class="source"> + <pre>cp /opt/red5/conf/keystore.jks /opt/red5/conf/truststore.jks +</pre> + </div> </li> + <li>Change passwords in /opt/red5/conf/red5.properties + <div class="source"> + <pre>rtmps.keystorepass=changeit +rtmps.truststorepass=changeit +jmx.keystorepass=changeit +</pre> + </div> </li> + <li>Set up SSL according <a href="#SSL_for_the_web_interface" title="SSL for the web interface">SSL for the web interface</a> section.</li> + <li>Set up RTMPS according <a href="#Tunneling_RTMPS" title="Tunneling RTMPS">Tunneling RTMPS</a> or <a href="#Native_RTMPS" title="Native RTMPS">Native RTMPS</a> sections.</li> + <li>Restart OM service or whole OM server. Now OM server is ready to accept SSL-connections.</li> + </ol> + </section> + <section> + <h3 id="steps-for-client-machines">Steps for client machines</h3> + <p>Windows specific steps are marked with (**)</p> + <ol style="list-style-type: decimal"> + <li>(**)Add the ca.crt certificate as trusted into the CA's list on all windows PC at the system level (certmgr.msc applet)</li> + <li>Add the ca.crt certificate as trusted into Chrome/Firefox if it used</li> + <li> Add the ca.crt certificate into ${JAVA_HOME}/lib/security/cacerts with keytool utility on a PC that organizes screensharing <p> (**) <br> For example, Java Version 8 Update 144 has been installed on Windows machine by default location path.<br> Copy ca.crt to a folder : c:\ca.crt<br> Start command line interface as administrator:<br> runas /user:AdminAccount cmd.exe<br> Enter admin password<br> Enter to bin directory of java:<br> cd "c:\Program Files\Java\jre1.8.0_144\bin"<br> Im [...] 
+ </ol> + </section> +</section> +<section> + <h2 id="ssl-for-the-web-interface">SSL for the web interface</h2> + <p>Please perform following steps if you want to use SSL for the web interface. This is mainly to secure the server against MITM attacks, additionally some other features like file uploads also use a plain HTTP connection if this is not done. The following instructions assume that you have already set up RTMPS successfully. </p> + <ol style="list-style-type: decimal"> + <li> Edit <code>red5/conf/jee-container.xml</code> file:<br> Comment <code>Tomcat without SSL enabled</code> section<br> UNComment <code>Tomcat with SSL enabled</code> section </li> + <li> Restart red5 and try to connect to <u>https://your.server:5443</u> - you should be redirected to the OpenMeetings app and all access should be via HTTPS and/or RTMPS (close port 5080 to be sure). </li> + </ol> +</section> +<section> + <h2 id="set-up-rtmps">Set up RTMPS</h2> + <section> + <h3 id="tunneling-rtmps">Tunneling RTMPS</h3> + <ol style="list-style-type: decimal"> + <li>HTTPS need to be enabled otherwise tunneling will not work (it can be set up using frontend nginx/apache as well)</li> + <li> In Administration->Configuration set<br> <br> + <div class="source"> + <pre> flash.secure = true + flash.secure.proxy = none +</pre> + </div> </li> + <li>Restart red5 and try to connect - your connection should now be made via RTMPS (close port 1935 to be sure) </li> + </ol> + </section> + <section> + <h3 id="native-rtmps">Native RTMPS</h3> + <ol style="list-style-type: decimal"> + <li> Default RTMPS port is 8443, you can change it by editing <code>red5/conf/red5.properties</code> and change the port here: <code>rtmps.port=8443</code><br> Please set <code>rtmps.keystorepass=password</code> and <code>rtmps.truststorepass=password</code> (password = password you set on your new keystore(s))<br> Additionally you need to set <code>rtmps.screen.keystorepass=screenpassword</code> (screenpassword = password you 
set on your keystore for screen-sharing application) </li> + <li> Edit <code>red5/conf/red5-core.xml</code> file:<br> UNComment <code>RTMPS</code> section </li> + <li> In Administration->Configuration set<br> <br> + <div class="source"> + <pre> flash.secure = true + flash.secure.proxy = best +</pre> + </div> </li> + <li>Restart red5 and try to connect - your connection should now be made via RTMPS (close port 1935 to be sure) </li> + </ol> + </section> +</section> +<section> + <h2 id="setting-up-different-set-of-allowed-cithers">Setting up different set of allowed cithers</h2> + <div> + In case you would like to specify different set of allowed cithers you need to + <ol style="list-style-type: decimal"> + <li>Open <code>conf/jee-container.xml</code> using your favorite text editor</li> + <li>Go to <code>"Tomcat with SSL enabled" -> "tomcat.server" -> "connectors" -> "httpsConnector" -> "connectionProperties"</code></li> + <li> Add following entry + <div class="source"> + <pre><entry key="ciphers" value="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES [...] + </div> </li> + </ol> Please check + <a class="externalLink" href="https://issues.apache.org/jira/browse/OPENMEETINGS-1969?focusedCommentId=16721099&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16721099">this JIRA issue</a> for more information + </div> +</section> +<section> + <h2 id="credits1">Credits</h2> + <p>Thanks to Nexus, Holger Rabbach and Yakovlev Nick for their help and contribution to configuration and documentation! 
</p> +</section> </main> + <div class="d-none d-sm-none d-md-none d-lg-none d-xl-block col-xl-2"> + <div id="m-toc-sidebar" class="d-print-none m-toc-sidebar-enabled m-toc-sidebar-expanded m-toc-sidebar-autoexpandable toc-sidebar-fixed"> + <nav id="m-toc-sidebar-nav flex-column"> + <ul class="m-nav--sidebar nav flex-column flex-nowrap"> + <li class="h2"> + <a class="nav-link" href="#using-openmeetings-with-rtmps-and-https" title="Using OpenMeetings with RTMPS and HTTPS">Using OpenMeetings with RTMPS and HTTPS</a> + </li> + <li class="h2"> + <a class="nav-link" href="#real-certificate" title="'Real' certificate">'Real' certificate</a> + </li> + <ul class="nav flex-column flex-nowrap nav-collapsible"> + <li class="h3"> + <a class="nav-link" href="#prerequisites1" title="Prerequisites">Prerequisites</a> + </li> + <li class="h3"> + <a class="nav-link" href="#create-keystore-from-the-scratch" title="Create Keystore from the scratch">Create Keystore from the scratch</a> + </li> + <li class="h3"> + <a class="nav-link" href="#create-keystore-using-existing-key-pair" title="Create Keystore using existing key-pair">Create Keystore using existing key-pair</a> + </li> + <ul class="nav flex-column flex-nowrap nav-collapsible"> + <li class="h4"> + <a class="nav-link" href="#prerequisites2" title="Prerequisites">Prerequisites</a> + </li> + <li class="h4"> + <a class="nav-link" href="#steps1" title="Steps">Steps</a> + </li> + </ul> + </ul> + <li class="h2"> + <a class="nav-link" href="#self-signed-certificate" title="Self-signed certificate">Self-signed certificate</a> + </li> + <ul class="nav flex-column flex-nowrap nav-collapsible"> + <li class="h3"> + <a class="nav-link" href="#prerequisites3" title="Prerequisites">Prerequisites</a> + </li> + <li class="h3"> + <a class="nav-link" href="#steps-for-om-server" title="Steps for OM server">Steps for OM server</a> + </li> + <li class="h3"> + <a class="nav-link" href="#steps-for-client-machines" title="Steps for client machines">Steps 
for client machines</a> + </li> + </ul> + <li class="h2"> + <a class="nav-link" href="#ssl-for-the-web-interface" title="SSL for the web interface">SSL for the web interface</a> + </li> + <li class="h2"> + <a class="nav-link" href="#set-up-rtmps" title="Set up RTMPS">Set up RTMPS</a> + </li> + <ul class="nav flex-column flex-nowrap nav-collapsible"> + <li class="h3"> + <a class="nav-link" href="#tunneling-rtmps" title="Tunneling RTMPS">Tunneling RTMPS</a> + </li> + <li class="h3"> + <a class="nav-link" href="#native-rtmps" title="Native RTMPS">Native RTMPS</a> + </li> + </ul> + <li class="h2"> + <a class="nav-link" href="#setting-up-different-set-of-allowed-cithers" title="Setting up different set of allowed cithers">Setting up different set of allowed cithers</a> + </li> + <li class="h2"> + <a class="nav-link" href="#credits1" title="Credits">Credits</a> + </li> + </ul> + </nav> + </div> + </div> + </div> <!-- row: end --> +</div> <!-- .main-body: end --> + <div id="m_scrolltop" class="m-scrolltop"> + <i class="fa fa-arrow-up"></i> + </div> + <!-- Footer --> +<footer class="footer-light bg-light"> + <div class="container"> + <div class="row"> + <div class="col bottom-nav"> + <ul class="nav flex-column nav-list"> + <li class="nav-header"> +General + </li> + <li class="nav-item "><a href="index.html" title="Home" class="nav-link" >Home</a></li> + <li class="nav-item "><a href="https://www.apache.org/licenses/" title="License" class="externalLink nav-link" >License</a></li> + <li class="nav-item "><a href="https://www.apache.org/" title="ASF" class="externalLink nav-link" >ASF</a></li> + <li class="nav-item "><a href="https://www.apache.org/foundation/sponsorship" title="Sponsorship" class="externalLink nav-link" >Sponsorship</a></li> + <li class="nav-item "><a href="https://www.apache.org/foundation/thanks" title="Thanks" class="externalLink nav-link" >Thanks</a></li> + <li class="nav-item "><a href="CallForLogo.html" title="Call For Logo" class="nav-link" >Call For 
Logo</a></li> + <li class="nav-item "><a href="NewsArchive.html" title="News archive" class="nav-link" >News archive</a></li> + <li class="nav-item "><a href="security.html" title="Security" class="nav-link" >Security</a></li> + <li class="nav-item "><a href="commercial-support.html" title="Commercial Support" class="nav-link" >Commercial Support</a></li> + </ul> + </div> + <div class="col bottom-nav"> + <ul class="nav flex-column nav-list"> + <li class="nav-header"> +Installation + </li> + <li class="nav-item "><a href="installation.html" title="Installation" class="nav-link" >Installation</a></li> + <li class="nav-item "><a href="Upgrade.html" title="Upgrade" class="nav-link" >Upgrade</a></li> + <li class="nav-item "><a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools" title="Tutorials" class="externalLink nav-link" >Tutorials</a></li> + <li class="nav-item "><a href="CommandLineAdmin.html" title="Command Line Admin" class="nav-link" >Command Line Admin</a></li> + </ul> + </div> + <div class="col bottom-nav"> + <ul class="nav flex-column nav-list"> + <li class="nav-header"> +Community + </li> + <li class="nav-item "><a href="get-involved.html" title="Get Involved" class="nav-link" >Get Involved</a></li> + <li class="nav-item "><a href="team.html" title="Committers" class="nav-link" >Committers</a></li> + <li class="nav-item "><a href="OurUsers.html" title="Our Users" class="nav-link" >Our Users</a></li> + <li class="nav-item "><a href="mailing-lists.html" title="Mailing Lists" class="nav-link" >Mailing Lists</a></li> + <li class="nav-item "><a href="https://cwiki.apache.org/confluence/display/OPENMEETINGS/" title="Wiki" class="externalLink nav-link" >Wiki</a></li> + </ul> + </div> + <div class="col bottom-nav"> + <ul class="nav flex-column nav-list"> + <li class="nav-header"> +Development + </li> + <li class="nav-item "><a href="scm.html" title="Source Code" class="nav-link" >Source Code</a></li> + <li 
class="nav-item "><a href="issue-management.html" title="Bugs / Issues" class="nav-link" >Bugs / Issues</a></li> + <li class="nav-item "><a href="dependencies.html" title="Dependencies" class="nav-link" >Dependencies</a></li> + <li class="nav-item "><a href="integration.html" title="Continuous Integration" class="nav-link" >Continuous Integration</a></li> + <li class="nav-item "><a href="BuildInstructions.html" title="Build Instructions" class="nav-link" >Build Instructions</a></li> + <li class="nav-item "><a href="JUnitTesting.html" title="JUnit Testing" class="nav-link" >JUnit Testing</a></li> + <li class="nav-item "><a href="ManualTesting.html" title="Manual Testing" class="nav-link" >Manual Testing</a></li> + <li class="nav-item "><a href="ReleaseGuide.html" title="Release Guide" class="nav-link" >Release Guide</a></li> + <li class="nav-item "><a href="WebsiteGuide.html" title="Website Guide" class="nav-link" >Website Guide</a></li> + </ul> + </div> + </div> <!-- END: .row --> + </div> <!-- END: .container --> +</footer> + <div class="container subfooter text-center"> + <div class="row"> + <div class="col-md-12"> + <p class="copyright">Copyright ©2012-2020 + <a href="https://apache.org">Apache Software Foundation</a> +. 
All Rights Reserved.</p> + </div> + </div> + </div> + + <!-- Le javascript + ================================================== --> + <!-- Placed at the end of the document so the pages load faster --> + <script src="./js/jquery.min.js" crossorigin="anonymous"></script> + <script src="./js/popper.min.js" crossorigin="anonymous"></script> + <script src="./js/bootstrap.min.js" crossorigin="anonymous"></script> + + <script src="./js/lightbox.min.js" crossorigin="anonymous"></script> + <script src="./js/highlight.min.js" crossorigin="anonymous"></script> + +<script src="./js/site.js" type="text/javascript"></script> +<script src="./js/jquery-ui.min.js" type="text/javascript"></script> +<script src="./js/netcalc.js" type="text/javascript"></script> +<p class="text-center">Apache OpenMeetings, OpenMeetings, Apache, the Apache feather, and the Apache OpenMeetings project logo</p> +<p class="text-center">are trademarks of the Apache Software Foundation.</p> <script src="./js/reflow-skin.js" crossorigin="anonymous"></script> + <script src="./js/anchor.min.js" crossorigin="anonymous"></script> + </body> +</html>