Using OpenMeetings with HTTPS

There are 2 ways the client communicates with the server:

  1. Pure HTTP: all browser-server communications go through plain, unsecured HTTP

    This option can be used in case you will have frontend proxy to do encryption

  2. HTTPS: all browser-server communications will be encrypted

Self-signed certificate

This option is available out-of-the-box, just follow the URL: https://localhost:5443/openmeetings

Real certificate

Prerequisites

  1. You need OpenMeetings 5.0.x or later for this
  2. Rename the existing keystore file $OM_HOME/conf/keystore to $OM_HOME/conf/keystore.bak

Create Keystore from the scratch

  1. Create a new keystore and key, use the same password for both:
keytool -keysize 4096 -genkey -alias openmeetings -keyalg RSA -storetype PKCS12 -keystore $OM_HOME/conf/keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:  <your hostname, e.g demo.openmeetings.de>
What is the name of your organizational unit?
[Unknown]:  Dev
What is the name of your organization?
[Unknown]:  OpenMeetings
What is the name of your City or Locality?
[Unknown]:  Henderson
What is the name of your State or Province?
[Unknown]:  Nevada
What is the two-letter country code for this unit?
[Unknown]:  US
Is CN=demo.openmeetings.de, OU=Dev, O=OpenMeetings, L=Henderson, ST=Nevada, C=US correct?
[no]:  yes
Enter key password for <openmeetings>
  1. Generate a CSR: keytool -certreq -keyalg RSA -alias openmeetings -file openmeetings.csr -keystore $OM_HOME/conf/keystore
  2. Submit CSR to your CA of choice and receive a signed certificate
  3. Import your chosen CA's root certificate into the keystore (may need to download it from their site - make sure to get the root CA and not the intermediate one): keytool -import -alias root -keystore $OM_HOME/conf/keystore -trustcacerts -file root.crt (NOTE: you may receive a warning that the certificate already exists in the system wide keystore - import anyway)
  4. Import the intermediate certificate(s) you normally receive with the certificate: keytool -import -alias intermed -keystore $OM_HOME/conf/keystore -trustcacerts -file intermediate.crt
  5. Import the certificate you received: keytool -import -alias openmeetings -keystore $OM_HOME/conf/keystore -trustcacerts -file demo.openmeetings.de.crt

Create Keystore using existing key-pair

Prerequisites

  • Server key: openmeetings.key
  • Signed CSR: openmeetings.crt
  • CA's root certificate: root.crt
  • ** Intermediate certificate(s): intermedXX.crt

Steps

  1. Export existing keys into PKCS12 format:
openssl pkcs12 -export -in openmeetings.crt -inkey openmeetings.key -out openmeetings.p12 -name openmeetings -certfile root.crt -certfile intermedXX.crt`

Enter Export Password: openmeetings
Verifying - Enter Export Password: openmeetings
  1. Import resulting openmeetings.p12 into keystore: keytool -importkeystore -srcstorepass openmeetings -srckeystore openmeetings.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore $OM_HOME/conf/keystore -alias openmeetings -deststoretype PKCS12
  2. Import your chosen CA's root certificate into the keystore (may need to download it from their site - make sure to get the root CA and not the intermediate one): keytool -import -alias root -keystore $OM_HOME/conf/keystore -trustcacerts -file root.crt (note: you may receive a warning that the certificate already exists in the system wide keystore - import anyway)
  3. Import the intermediate certificate(s) you normally receive with the certificate: keytool -import -alias intermed -keystore $OM_HOME/conf/keystore -trustcacerts -file intermedXX.crt

More configuration options

Additional info on HTTPS configuration can be found at Apache Tomcat site

Apache OpenMeetings, OpenMeetings, Apache, the Apache feather, and the Apache OpenMeetings project logo
are trademarks of the Apache Software Foundation.
Privacy policy