I have followed a few different guides on importing a cert into a Tomcat installation, from my cert provider as well as from the OM site:

https://openmeetings.apache.org/RTMPSAndHTTPS.html

https://helpdesk.ssls.com/hc/en-us/articles/203505171-How-to-install-a-SSL-certificate-on-a-Tomcat-server

In the last portion you need to change the XML file.  For an OM installation you need to comment out the "Tomcat without SSL enabled" via <!--  --> and remove them from "Tomcat with SSL enabled" in /opt/om/conf/jee-container.xml

Saved all files, then shut down and restarted the red5 service.  Ran an nmap scan and it still shows OM listening on 5080 and 1935.  I have gone into the OM installation and changed flash.secure = true and restarted from there, and it is still showing it listening on those ports.

server:~# nmap localhost

Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-17 18:36 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000027s latency).
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
1935/tcp open  rtmp****
3306/tcp open  mysql
5080/tcp open  onscreen****
9999/tcp open  abyss
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds

Are there other steps that need to be taken to get it to start listening on 5443?  I did notice the four entries below.  Do I need to edit them with my jks file locations and the password used to create them, or, since client auth is disabled, are they not needed?

<entry key="keystoreFile" value="${rtmps.keystorefile}" />
<entry key="keystorePass" value="${rtmps.keystorepass}" />
<entry key="truststoreFile" value="${rtmps.truststorefile}" />
<entry key="truststorePass" value="${rtmps.truststorepass}" />

I have attached the xml file to make sure that is correct.  Need to get this moved over to SSL as the last browser to still support unsecured flash is Firefox, and from what I understand that will be removed in the next revision.




<?xml version="1.0" encoding="UTF-8"?>
<!--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
   this work for additional information regarding copyright ownership.
   The ASF licenses this file to You under the Apache License, Version 2.0
   (the "License"); you may not use this file except in compliance with
   the License.  You may obtain a copy of the License at

		http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xmlns:lang="http://www.springframework.org/schema/lang"
		xsi:schemaLocation="
				http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
				http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
		">
	<!--
	The tomcat connectors may be blocking or non-blocking. Select between either option via the protocol property.
		Blocking I/O:
			<property name="protocol" value="org.apache.coyote.http11.Http11Protocol" />
		Non-blocking I/O:
			<property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
	 -->
	<!-- Tomcat without SSL enabled -->
<!--
	<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" lazy-init="true">
		<property name="webappFolder" value="${red5.root}/webapps" />
		<property name="connectors">
			<list>
				<bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
					<property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
					<property name="address" value="${http.host}:${http.port}" />
					<property name="redirectPort" value="${https.port}" />
					<property name="connectionProperties">
						<map>
							<entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
							<entry key="keepAliveTimout" value="-1"/>
						</map>
					</property>
				</bean>
			</list>
		</property>
		<property name="baseHost">
			<bean class="org.apache.catalina.core.StandardHost">
				<property name="name" value="${http.host}" />
			</bean>
		</property>
		<property name="valves">
			<list>
				<bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
					<property name="directory" value="log" />
					<property name="prefix" value="${http.host}_access." />
					<property name="suffix" value=".log" />
					<property name="pattern" value="common" />
					<property name="rotatable" value="true" />
				</bean>
				<bean id="valve.error" class="org.apache.catalina.valves.ErrorReportValve">
					<property name="showReport" value="false" />
					<property name="showServerInfo" value="false" />
				</bean>
			</list>

		</property>

	</bean>
-->
	<!-- Tomcat with SSL enabled -->

	<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" lazy-init="true">
		<property name="webappFolder" value="${red5.root}/webapps" />
		<property name="connectors">
			<list>
				<bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
					<property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
					<property name="address" value="${http.host}:${http.port}" />
					<property name="redirectPort" value="${https.port}" />
				</bean>
				<bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">
					<property name="secure" value="true" />
					<property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
					<property name="address" value="${http.host}:${https.port}" />
					<property name="redirectPort" value="${http.port}" />
					<property name="connectionProperties">
						<map>
							<entry key="port" value="${https.port}" />
							<entry key="redirectPort" value="${http.port}" />
							<entry key="SSLEnabled" value="true" />
							<entry key="sslProtocol" value="TLS" />
							<entry key="keystoreFile" value="${rtmps.keystorefile}" />
							<entry key="keystorePass" value="${rtmps.keystorepass}" />
							<entry key="truststoreFile" value="${rtmps.truststorefile}" />
							<entry key="truststorePass" value="${rtmps.truststorepass}" />
							<entry key="clientAuth" value="false" />
							<entry key="allowUnsafeLegacyRenegotiation" value="true" />
							<entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
							<entry key="keepAliveTimout" value="-1"/>
							<entry key="useExecutor" value="true"/>
							<entry key="maxThreads" value="${http.max_threads}"/>
							<entry key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
							<entry key="processorCache" value="${http.processor_cache}"/>
						</map>
					</property>
				</bean>
			</list>
		</property>
		<property name="baseHost">
			<bean class="org.apache.catalina.core.StandardHost">
				<property name="name" value="${http.host}" />
			</bean>
		</property>
		<property name="valves">
			<list>
				<bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
					<property name="directory" value="log" />
					<property name="prefix" value="${http.host}_access." />
					<property name="suffix" value=".log" />
					<property name="pattern" value="common" />
					<property name="rotatable" value="true" />
				</bean>
				<bean id="valve.error" class="org.apache.catalina.valves.ErrorReportValve">
					<property name="showReport" value="false" />
					<property name="showServerInfo" value="false" />
				</bean>
			</list>
		</property>
	</bean>

</beans>
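
Added example, not part of the original post and not OpenMeetings or Red5 code: a check that parses a jee-container.xml like the one attached above, lists the connectors that are actually active (commented-out beans are skipped), and reports which `${...}` placeholders have no value in the properties file. It assumes the placeholders are resolved from conf/red5.properties; `parse_properties`, `audit_connectors` and all sample values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

BEANS = "{http://www.springframework.org/schema/beans}"
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

# Constructed sample, trimmed from the "Tomcat with SSL enabled" bean in the post.
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
<!-- <bean name="oldConnector" class="org.red5.server.tomcat.TomcatConnector" /> -->
<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader">
 <property name="connectors"><list>
  <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
   <property name="address" value="${http.host}:${http.port}" />
  </bean>
  <bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">
   <property name="address" value="${http.host}:${https.port}" />
   <property name="connectionProperties"><map>
    <entry key="keystoreFile" value="${rtmps.keystorefile}" />
    <entry key="keystorePass" value="${rtmps.keystorepass}" />
   </map></property>
  </bean>
 </list></property>
</bean></beans>"""

# Constructed values (assumed source: conf/red5.properties); the keystore path is left out on purpose.
SAMPLE_PROPS = "http.host=0.0.0.0\nhttp.port=5080\nhttps.port=5443\nrtmps.keystorepass=changeit\n"

def parse_properties(text):
    """Minimal .properties reader: key=value lines, # or ! comments, no line continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_connectors(xml_text, props):
    """Map each active TomcatConnector bean to its resolved address and unresolved placeholders."""
    root = ET.fromstring(xml_text)  # the parser drops comments, so commented-out beans never appear
    report = {}
    for bean in root.iter(BEANS + "bean"):
        if bean.get("class", "").endswith(".TomcatConnector"):
            values = {el.get("name") or el.get("key"): el.get("value", "") for el in bean.iter() if el is not bean}
            names = {n for v in values.values() for n in PLACEHOLDER.findall(v)}
            resolved = PLACEHOLDER.sub(lambda m: props.get(m.group(1), m.group(0)), values.get("address", ""))
            report[bean.get("name")] = {"address": resolved, "unresolved": sorted(n for n in names if n not in props)}
    return report
```

Running `audit_connectors` against the real file and properties shows whether an `httpsConnector` is active at all and which address it would bind, which can then be compared with the ports the port scan reports as open.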
