There are 2 ways the client communicates with the server:
Pure HTTP: all browser-server communications go through plain, unsecured HTTP
This option can be used in case you will have frontend proxy to do encryption
HTTPS: all browser-server communications will be encrypted
This option is available out-of-the-box, just follow the URL: https://localhost:5443/openmeetings
$OM_HOME/conf/keystore
to $OM_HOME/conf/keystore.bak
keytool -keysize 4096 -genkey -alias openmeetings -keyalg RSA -storetype PKCS12 -keystore $OM_HOME/conf/keystore Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: <your hostname, e.g demo.openmeetings.de> What is the name of your organizational unit? [Unknown]: Dev What is the name of your organization? [Unknown]: OpenMeetings What is the name of your City or Locality? [Unknown]: Henderson What is the name of your State or Province? [Unknown]: Nevada What is the two-letter country code for this unit? [Unknown]: US Is CN=demo.openmeetings.de, OU=Dev, O=OpenMeetings, L=Henderson, ST=Nevada, C=US correct? [no]: yes Enter key password for <openmeetings>
keytool -certreq -keyalg RSA -alias openmeetings -file openmeetings.csr -keystore $OM_HOME/conf/keystore
keytool -import -alias root -keystore $OM_HOME/conf/keystore -trustcacerts -file root.crt
(NOTE: you may receive a warning that the certificate already exists in the system wide keystore - import anyway)keytool -import -alias intermed -keystore $OM_HOME/conf/keystore -trustcacerts -file intermediate.crt
keytool -import -alias openmeetings -keystore $OM_HOME/conf/keystore -trustcacerts -file demo.openmeetings.de.crt
openssl pkcs12 -export -in openmeetings.crt -inkey openmeetings.key -out openmeetings.p12 -name openmeetings -certfile root.crt -certfile intermedXX.crt` Enter Export Password: openmeetings Verifying - Enter Export Password: openmeetings
keytool -importkeystore -srcstorepass openmeetings -srckeystore openmeetings.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore $OM_HOME/conf/keystore -alias openmeetings -deststoretype PKCS12
keytool -import -alias root -keystore $OM_HOME/conf/keystore -trustcacerts -file root.crt
(note: you may receive a warning that the certificate already exists in the system wide keystore - import anyway)keytool -import -alias intermed -keystore $OM_HOME/conf/keystore -trustcacerts -file intermedXX.crt
Additional info on HTTPS configuration can be found at Apache Tomcat site