Local Server Certificate OpenSSL

anon36916486 · April 20, 2020, 9:48am

Hello,
I installed jitsi-meet with the guide from https://github.com/jitsi/docker-jitsi-meet as a virtual machine on my esx Server.
The Server is only reachable from the intern network, so I have no chance to create a certificate with Let’s Encrypt.
Is there any possibility to generate a certificate with for example openssl?
I don’t want to generate a certificate which I need to import in every browser.

I’m an absolute beginner in linux so that I’m happy about any help.

Thank you very much

Hallo,
ich ich habe jitsi-meet mit der Anleitung von https://github.com/jitsi/docker-jitsi-meet als virtuelle Machine auf meinem ESX Server installiert.
Der Server ist lediglich über das interne Netzwerk erreichbar, sodass ich kein Zertifikat mittels Lets Encrypt erstellen kann.
Gibt es eine andere Möglichkeit ein Zertifikat für den lokalen Server zu generieren (z.B. über OpenSSL)?
Ich möchte kein Zertifikat generieren, dass ich für jeden Client im Browser importieren muss.

Ich bin ein absoluter Anfänger im Umgang mit Linux, sodass ich über jegliche Hilfe dankbar bin.

Vielen Dank

gpatel-fr · April 20, 2020, 11:42am

you are not 100% correct it is not possible to use a Let’s encrypt certificate however it’s true that the jitsi script can’t be used. When using DNS validation it’s possible to create a generic certificate for a domain (*.mydomain.mytld) and then import it into an internal web server that can be accessed with an internal DNS.

Here you are asking for 2 incompatible things; if you use a self-signed certificate you will have to import it into every browser or accept the certificates every time, and even then it will probably never work on Android (if it’s an internal server it’s not a great restriction). That’s how modern browsers work, nothing to do with Jitsi.

anon36916486 · April 20, 2020, 1:25pm

Thanks for the fast answer.

As you can see, I’m not very familiar with this topic, but I try my very best.

I had some knowledge gaps about the self-signed certificates, but today I wrote much threads which helped me very well.

I think there is no other way as the self-signed certificate.
I try it since hours, but everytime there is no success.

Do you know what I have to do?

gpatel-fr · April 20, 2020, 1:29pm

Import the certificate in the browser

anon36916486 · April 20, 2020, 1:42pm

Can you please explain me where I find the certificate?

gpatel-fr · April 20, 2020, 1:43pm

err, if you created a certificate with openssl I guess it’s where you run the command.

anon36916486 · April 20, 2020, 2:00pm

This is correct, but I thought a certificate are generated when I start the docker command.

I was looking in the file “~/docker-jitsi-meet/web/rootfs/etc/cont-init.d/10-config” where I found this Sektion:

   # use self-signed certs

     if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
         echo "using keys found in /config/keys"
     else
         echo "generating self-signed keys in /config/keys, you can replace these with your own keys if required"
         SUBJECT="/C=US/ST=TX/L=Austin/O=jitsi.org/OU=Jitsi Server/CN=*"
         openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT"
     fi
 fi
 if [[ ! -f /config/nginx/dhparams.pem ]]; then
     openssl dhparam -out /config/nginx/dhparams.pem 2048

gpatel-fr · April 20, 2020, 2:43pm

ah yes, you used to automated self-signed, you were talking about openssl and I was believing you had run it yourself. So the certs are in the directory used by docker-jitsi-meet, should be under
/config/keys and you should import the cert.crt file.

anon36916486 · April 20, 2020, 2:51pm

Now I found the Certificate in ~/.jitsi-meet-cf/web/keys
Thanks for your help!