[jitsi-dev] Adding Let's Encrypt SSL certs


#1

Hey all,

I noticed that I am unable to add any certs to the existing jks file
that was created through the Debian installer of jitsi-meet. I am not
sure exactly how the self certs are created but I want to add my own SSL
certs from letsencrypt. I tried just generating a new jks with my certs
included but when I tried to use that is threw and error saying it could
not read the jks. I think the jks needs a password to access it but
where is that password configured or stored? Could we perhaps make it a
little easier to use other SSL certs with jitsi-videobridge both for
renewal and replacement?

Thanks.

···

--

Don Alexander

It's a tough job, but some mug has to do it...

RooSoft Ltd


#2

If you use nginx (or apache etc.) for serving the web, you can use
right away any certs, letsencrypt ones including.

If you use java for this, you can use the keytool command to import
the certificate in the keystore. you can check how it's done on
install by looking at the postinst file of jitsi-meet (around line 115
currently).

Or maybe you are talking about enhancing the package postinst script
so that this is available automatically on unstall time?

···

On Tue, 5 Apr 2016 16:32:37 +0100 Don Alexander wrote:

I noticed that I am unable to add any certs to the existing jks file
that was created through the Debian installer of jitsi-meet. I am not
sure exactly how the self certs are created but I want to add my own
SSL certs from letsencrypt. I tried just generating a new jks with my
certs included but when I tried to use that is threw and error saying
it could not read the jks. I think the jks needs a password to access
it but where is that password configured or stored? Could we perhaps
make it a little easier to use other SSL certs with jitsi-videobridge
both for renewal and replacement?

--

Yasen Pramatarov
Lindeas Ltd. https://lindeas.com
'working on GNU/Linux ideas'
Professional Jitsi Meet services


#3

I noticed that I am unable to add any certs to the existing jks file
that was created through the Debian installer of jitsi-meet. I am not
sure exactly how the self certs are created but I want to add my own
SSL certs from letsencrypt. I tried just generating a new jks with my
certs included but when I tried to use that is threw and error saying
it could not read the jks. I think the jks needs a password to access
it but where is that password configured or stored? Could we perhaps
make it a little easier to use other SSL certs with jitsi-videobridge
both for renewal and replacement?

If you use nginx (or apache etc.) for serving the web, you can use
right away any certs, letsencrypt ones including.

If you use java for this, you can use the keytool command to import
the certificate in the keystore. you can check how it's done on
install by looking at the postinst file of jitsi-meet (around line 115
currently).

Or maybe you are talking about enhancing the package postinst script
so that this is available automatically on unstall time?

I see.. so it probes for nginx/apache and tries to use those , then it
looks for certs in /etc/ssl/$JVB_HOSTNAME.crt Yeah might be a good idea
to ask if there are ssl certs to add. Still can I just add my letencrypt
cert to the .jks and be done with it? Those letsencrypt certs expire
every few months so will replacing it be a problem?

Just out of interest are there any advantages to running jitsi-meet with
nginx or apache? I am not intending to have a webserver running on this
server but I could if it is better for the videobridge.

Thanks.

Thanks

···

On 05/04/16 16:57, Yasen Pramatarov wrote:

On Tue, 5 Apr 2016 16:32:37 +0100 Don Alexander wrote:

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--

Don Alexander

It's a tough job, but some mug has to do it...

RooSoft Ltd