Installing SSL

viorel

New Member
Hello,
I have installed SSL on my domain (CentOS / nginx), where it is working normally, but on https://mydomainname.com:8888 the SSL is not working. I have seen in your documentation something related to:
- 1_root_bundle.crt
- key.pk,
- password ..
I don't have these things; the only files I have (from the release certificate company) that work on the domain index are:
- mydomainname.ca-bundle
- mydomainname.crt
- mydomainname.csr
- mydomainname.key

So, please advise: where should I go and what should I do to make it work with my existing files?

Thanks
viorel
 

Max

Administrator
Staff member
Hello
There are two ways to import SSL certificates:
1) In the dashboard
2) Over SSH and keytool
So if the first way does not work for you, please import certificates using way (2)
Regarding your files:
Code:
mydomainname.ca-bundle = CA Certificate + Intermediate CA
mydomainname.crt = Domain Certificate
mydomainname.key = Private Key


If your private key is encrypted (you can open your key file in a text editor to see if it is encrypted or not), then you need a password.
If your private key is not encrypted, you can leave the password field blank.
Eventually you should be able to import your certificates via the UI.
If it does not work and if you have errors in logs, please use the second way. The second way is a bit more complex, but it works in 100% of cases.
 

Max

Administrator
Staff member
Please use way 2. It works in 100% of cases.
To implement way 2, you need:
For example on our demo server:
Code:
# java -version
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
Code:
# keytool -v
Usage error: no command provided
Key and Certificate Management Tool

Commands:

-certreq            Generates a certificate request
-changealias        Changes an entry's alias
-delete             Deletes an entry
-exportcert         Exports certificate
-genkeypair         Generates a key pair
-genseckey          Generates a secret key
-gencert            Generates certificate from a certificate request
-importcert         Imports a certificate or a certificate chain
-importpass         Imports a password
-importkeystore     Imports one or all entries from another keystore
-keypasswd          Changes the key password of an entry
-list               Lists entries in a keystore
-printcert          Prints the content of a certificate
-printcertreq       Prints the content of a certificate request
-printcrl           Prints the content of a CRL file
-storepasswd        Changes the store password of a keystore
Use "keytool -command_name -help" for usage of command_name
The keytool is located in the
Code:
/usr/java/default/bin/keytool
 

viorel

New Member
Hi Max, this library archive jdk-8u25-linux-x64.tar.gz doesn't exist any more, and if I take this one, jdk-8u121-linux-x64.tar.gz, it cannot be extracted. And I would like to use my existing certificates because I already paid for them. What should I do?

I forgot to tell you that my existing SSL on the index page like https://mysite.com is working, but not in root https://mysite.com:8888
Can I change 8888 to 80 to work on the index page? Can this be a solution?
 

Max

Administrator
Staff member
> jdk-8u121-linux-x64.tar.gz cannot be extracted
Perhaps your download archive was broken. Make sure you download / upload this properly. I don't believe that Oracle's .tar.gz archive is broken. Please re-check.
> And I would like to use my existing certificates because I already paid for them. What should I do?
As I said, you have to import your certificates into WCS using Way 2. As a result, your existing certificates will be imported into
Code:
/usr/local/FlashphonerWebCallServer/conf/wss.jks
and you will be able to open http://domain:8888 and connect to wss://domain:8443 with a green line in the browser.
> I forgot to tell you that my existing SSL on the index page like https://mysite.com is working, but not in root https://mysite.com:8888
> Can I change 8888 to 80 to work on the index page? Can this be a solution?
No, it won't work.
Though you can use your web server (Apache, Nginx, HAProxy) as a proxy 443 >> 9091 (dashboard), 443 >> 8080 (websockets). But to set up such a proxy you will need more Linux admin skills.
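
Added example, not part of the posts above and not Flashphoner's documented procedure: a shell script for the two points raised in this thread, telling from the PEM headers whether the private key is encrypted, and loading an existing key, domain certificate and CA bundle into a JKS keystore with keytool through a temporary PKCS#12 file. The function names, the alias argument and the PKCS#12 route are assumptions; openssl and keytool prompt for passwords, so none appear on the command line.

```shell
#!/bin/sh
# Added example; function names and the PKCS#12 route are assumptions,
# not taken from the Flashphoner documentation.

# Classify a PEM private key by its header lines (what you would look for
# in a text editor). Prints: encrypted | unencrypted | unknown
key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted        # PKCS#8 encrypted, or legacy PEM encryption
    elif grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo unknown
    fi
}

# import_into_jks KEY CRT CA_BUNDLE KEYSTORE ALIAS
# openssl and keytool prompt for every password interactively.
import_into_jks() {
    key=$1; crt=$2; bundle=$3; jks=$4; entry=$5
    # Refuse to continue if the certificate was not issued for this key:
    # both commands print the same PEM public key when the pair matches.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "certificate/key mismatch" >&2; return 1; }

    p12=$(umask 077; mktemp) || return 1   # holds the private key: owner-only
    openssl pkcs12 -export -inkey "$key" -in "$crt" -certfile "$bundle" \
        -name "$entry" -out "$p12" &&
    keytool -importkeystore -srckeystore "$p12" -srcstoretype PKCS12 \
        -srcalias "$entry" -destkeystore "$jks" -destalias "$entry"
    rc=$?
    rm -f "$p12"                           # never leave the bundle behind
    return "$rc"
}

# Usage: sh import.sh mydomainname.key mydomainname.crt mydomainname.ca-bundle \
#            /usr/local/FlashphonerWebCallServer/conf/wss.jks <alias>
if [ "$#" -eq 5 ]; then
    echo "private key is: $(key_state "$1")"
    import_into_jks "$@"
fi
```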
 

viorel

New Member
Hi,
So now: this instruction from here
https://flashphoner.com/docs/wcs5/w...eparing_for_installation-jdk_installation.htm
doesn't work anymore (for my CentOS version) but it works with this one:
https://www.mkyong.com/java/how-to-install-oracle-jdk-8-on-centos/

Then,
doing the first point, 1. Delete self-signed certificate from the storage, from here:
https://flashphoner.com/docs/wcs5/w...ment-websocket_ssl-ssl_certificate_import.htm

----
[root@centos ~]# keytool -delete -alias selfsigned -keystore /usr/local/FlashphonerWebCallServer/conf/wss.jks
Enter keystore password:

Now, what password should I put? Because none of them seems to work (the one from admin or the server password).

Please advise!
 

viorel

New Member
I've done points 1, 2, 3 (no chance for 4 and 5), and now I want to do it again, so I uninstalled and reinstalled again.

Every time I type
- service webcallserver restart
in
- tail -f /usr/local/FlashphonerWebCallServer/logs/flashphoner_manager.log
the last line I have is:

16:25:03,414 INFO config - localhost-startStop-1 Initializing Mojarra 2.2.12 ( 20150720-0848 https://svn.java.net/svn/mojarra~svn/tags/2.2.12@14885) for context ''
16:25:04,166 INFO application - localhost-startStop-1 JSF1048: PostConstruct/PreDestroy annotations present. ManagedBeans methods marked with these annotations will have said annotations processed.
16:25:06,296 INFO icationEventListener - localhost-startStop-1 Running on PrimeFaces 5.3


Question: Is there a way to debug this?
 

Max

Administrator
Staff member
Glad that works for you.
Generally server startup takes around 1 minute.
If you see this message in the logs for more than 2 minutes:
16:25:06,296 INFO icationEventListener - localhost-startStop-1 Running on PrimeFaces 5.3
Please read this troubleshooting post to speed up the startup process.
 