標籤彙整: openmeetings certificates certbot

how to install free certificates in openmeetings 6.0

openmeetings is a very good web meeting solution for SMB. but sometimes, it’s very hard to collect relate installation guide through internet, especially for the newest version of openmeetings. below is my study record about how to install certificate in openmeetings 6.0.

my OS is Ubuntu 18.04, and openmeetings is 6.0 version. at the begining I found out a manual to using certbot to apply for a free certificate, but failed, OS complained that it did not support certbot anymore. if you also encounter such kind of issue, may be below you could try to resolve your problem.

(1) sudo apt install snap

(2) sudo apt-get remove certbot

(3) sudo snap install –classic certbot

(4) sudo certbot certonly –standalone
in this step, you should make sure your openmeetings server already NAT port 80 in your firewall, or you will receive error message after this command.

(5) export the certificate into PKCS12 format

(6) convert that PKCS12 to JKS file using java tool  ( to replace example.com to your FQDN, and change the password which you wanted)

sudo keytool -importkeystore -deststorepass samplePassword -destkeypass samplePassword

-destkeystore /tmp/example.com.jks -srckeystore /tmp/example.com_fullchain_and_key.p12

-srcstoretype PKCS12 -srcstorepass samplePassword -alias tomcat

(7) Copy the generated example.com.jks file to the Tomcat-OpenMeetings installation directory

sudo cp /tmp/example.com.jks /opt/openmeetings/conf  (replace example.com with your true domain)
PS: it depends which installation directory you choose, just put it into /conf sub-directory

(8) Configure Tomcat with the Java Keystore that we generated.

sudo vi /opt/openmeetings/conf/server.xml

to find out 5443 part, and replace the certificate and its password in that section.

<Connector port=”5443″ protocol=”org.apache.coyote.http11.Http11NioProtocol”

maxThreads=”150″ SSLEnabled=”true”

keystoreFile=”conf/example.com.jks” keystorePass=”samplePassword

clientAuth=”false” sslProtocol=”TLS”/>

(9) what you applied for is a free certificates, so that it will need to be renew every 3 months. below is the command for renew, i never have chance to try for now, maybe 3 months later i will update the information again.