How to configure SSL for jitsi meet

Hi Team,

I have created a Jitsi Meet server. At the time of installation, I used the default SSL which the installation process suggests. Now I have purchased a new SSL certificate, but I am not sure how to configure the new SSL cert and key.

I can see the meetingnow.live.cfg.lua file created in the /etc/prosody/conf.avail.
In the above file, I have changed the path of key and certificate.

Now my file looks as follows:
-- Plugins path gets uncommented during jitsi-meet-tokens package install - that's where token plugin is located
--plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

VirtualHost "meetingnow.live"
-- enabled = false -- Remove this line to enable this host
authentication = "anonymous"
-- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token"
--app_id="example_app_id"
--app_secret="example_app_secret"
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
--key = "/etc/prosody/certs/meetingnow.live.key";
--certificate = "/etc/prosody/certs/meetingnow.live.crt";
key = "/etc/prosody/certs/meetingnow_live/meetingnow_live_key";
certificate = "/etc/prosody/certs/meetingnow_live/meetingnow_live.crt";
}
-- we need bosh
modules_enabled = {
"bosh";
"pubsub";
"ping"; -- Enable mod_ping
}

    c2s_require_encryption = false

Component "conference.meetingnow.live" "muc"
storage = "null"
--modules_enabled = { "token_verification" }
admins = { "focus@auth.meetingnow.live" }

Component "jitsi-videobridge.meetingnow.live"
component_secret = "xxxxxxxx"

VirtualHost "auth.meetingnow.live"
ssl = {
-- key = "/etc/prosody/certs/auth.meetingnow.live.key";
-- certificate = "/etc/prosody/certs/auth.meetingnow.live.crt";
key = "/etc/prosody/certs/meetingnow_live/meetingnow_live_key";
certificate = "/etc/prosody/certs/meetingnow_live/meetingnow_live.crt";
}
authentication = "internal_plain"

Component "focus.meetingnow.live"
component_secret = "xxxxxx"

And then I restarted the server using the following commands.
/etc/init.d/prosody restart
/etc/init.d/jicofo restart
/etc/init.d/jitsi-videobridge restart

Still the https is not updated with my certificate details.

Kindly help me to configure my SSL.

All you need to do is change the certificate on the webserver, the certificate for the xmpp server does not matter.
The default installation when you do not have apache2 or nginx installed will use the jetty server inside jvb to serve the content.
To change the certificate there is not as trivial as changing it in apache or nginx.
You need to create new jks with your certs and use that:

Or you can purge everything and start all over again, and on the step about certs input the path of your certificate.

Thank you for your reply.

openssl pkcs12 -export \
-in $CERT_CRT -inkey $CERT_KEY -passout pass:changeit > $CERT_P12
Can you please tell me where to run this command? Also, do I need to change the $CERT_CRT and $CERT_KEY with my SSL cert and key path?

These are shell commands, you should type them in command line. Replace the variables with the full path to your cert and key files.

It’s not obvious from your post, it looks like you are using the default install without apache/nginx and it’s running with jetty, but if you are running apache/nginx, you should configure the ssl in the webserver config files and then restart it. If you are running jetty, restart the videobridge.

Yes I am using the default installation.

The postinst file above is in fact what is being done by the server during the package installation. It is how the software is being configured, you can see it step by step. If you use these commands, you can recreate the SSL configuration with your new/custom SSL files.

Hi, I was checking https://jitsi.org/downloads/, but now it is showing a 404 error; earlier it was showing the steps to install Jitsi Meet.
Where can I find the steps for the installation? Please help.

You can also use https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md

The downloads page may have some issues, I guess, but I’m sure it will be back up soon. You can find all the documentation in github.

I am having similar problems. Not using Apache/Nginx and need to update SSL (not LetsEncrypt), we have a wildcard certificate.

Can someone diagnose my shell command?

openssl pkcs12 -export -in /etc/prosody/certs/convo.crt -inkey /etc/prosody/certs/convo.key -passout pass:changeit > /etc/jitsi/videobridge/convo.p12 keytool -importkeystore -destkeystore /etc/jitsi-videobridge/convo.jks -srckeystore $CERT_P12 -srcstoretype pkcs12 -noprompt -storepass changeit -srcstorepass changeit

It looks OK, but you have to replace the variable $CERT_P12 with the full path to “convo.p12” too.

Hi @Yasen_Pramatarov1 I’ve corrected it, but it won’t execute, instead the output

Usage: pkcs12 [options]
where options are
-export output PKCS12 file
-chain add certificate chain
-inkey file private key if not infile
-certfile f add all certs in f
-CApath arg - PEM format directory of CA’s
-CAfile arg - PEM format file of CA’s
-name “name” use name as friendly name

What am I doing wrong?

TIA

It should be OK, check the command line for errors, if you are copy/pasting in terminal and you have some other symbols that should not be there.
I just typed a similar command on my desktop and it’s ok, the options are ok. Maybe you have a typo.
And of course, if you use the whole line as you wrote it above, be sure to separate the two commands with a semicolon, the first is “openssl” and the second is “keytool”, so put a “;” before “keytool”.
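
The two commands discussed above, as an added example (not code from this thread or from the Jitsi packages): each step is its own function, and the key is checked against the certificate before anything is bundled. The function names, argument order and the STORE_PASS variable are assumptions; `changeit` is the password used in the thread's commands.

```shell
#!/bin/sh
# Added example: the thread's openssl and keytool commands as separate steps.
# Function names, argument order and STORE_PASS are assumptions for this sketch;
# "changeit" is the password that appears in the thread's commands.
STORE_PASS="${STORE_PASS:-changeit}"

# Succeeds only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Step 1 (openssl): certificate + key -> PKCS#12 bundle.
# Usage: make_p12 CERT KEY OUT_P12
make_p12() {
    for f in "$1" "$2"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    key_matches_cert "$1" "$2" || {
        echo "private key does not match certificate" >&2
        return 1
    }
    # The bundle contains the private key, so create it owner-readable only.
    ( umask 077
      openssl pkcs12 -export -in "$1" -inkey "$2" \
          -passout "pass:$STORE_PASS" -out "$3" )
}

# Step 2 (keytool): PKCS#12 bundle -> JKS keystore. This is a second command,
# not a continuation of the openssl line.
# Usage: make_jks IN_P12 OUT_JKS
make_jks() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    ( umask 077
      keytool -importkeystore -destkeystore "$2" \
          -srckeystore "$1" -srcstoretype pkcs12 -noprompt \
          -storepass "$STORE_PASS" -srcstorepass "$STORE_PASS" )
}

# When called with four arguments (CERT KEY P12 JKS), run both steps in order.
if [ "$#" -eq 4 ]; then
    make_p12 "$1" "$2" "$3" && make_jks "$3" "$4"
fi
```

Once both steps succeed, restart the videobridge as described earlier in the thread so jetty loads the new keystore.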

Duh, that did it. I didn’t realize there were 2 commands chained!! @tajbennur maybe you can have more luck with my command whilst replacing the cert name/location?

Thanks