TLS/SSL Setup guide

For security, TLS/SSL setup is required.

1. Audio/Video PTT encryption

When you set a PTT channel as a secure channel in adminWeb, PTT encryption is activated.

2. Chatting and Pictures

TLS/SSL setup is required. You also have to set the system property "proptt.service.ptt.enablessl" to "true" in adminWeb.

3. VideoSharing

TLS/SSL setup is required. You also have to set the system property "proptt.service.videoshare.enablessl" to "true" in adminWeb.
However, the performance of software (SW) TLS/SSL would not be good. A VPN is recommended.

4. TLS/SSL setup

4.1 Private TLS/SSL

The ProPTT2 package already includes a private TLS/SSL certificate. By default you can use it without any TLS/SSL setup.
However, the private TLS/SSL certificate could have some issues with telco networks.

4.2 Public TLS/SSL

You have to make a keystore file for the ProPTT2 Tomcat server with the public TLS/SSL certificate.

< How to make the keystore file for ProPTT2 Tomcat server >

The process depends on the certificate issuer. You need to get the guide from the issuer.
We describe it here with a COMODO certificate.

1) Purchase a TLS/SSL certificate (for Apache-ModSSL) for your service domain name.

_wildcard_proptt2_com.crt -- main certificate
_wildcard_proptt2_com.pfx -- PFX certificate
_wildcard_proptt2_com_SHA256WITHRSA.key -- auto-generated private key
AddTrustExternalCARoot.crt -- root certificate
COMODORSAAddTrustCA.crt -- chain certificate
pfx.txt -- password for _wildcard_proptt2_com.pfx

2) Convert PFX to JKS (Java KeyStore) for the Tomcat server

Step 1. Make PEM file.

cmd: cat _wildcard_proptt2_com_SHA256WITHRSA.key _wildcard_proptt2_com.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > _wildcard_proptt2_com.pem

Step 2. Convert the PEM file to a PKCS#12 file with openssl.

cmd: openssl pkcs12 -export -out _wildcard_proptt2_com.p12 -in _wildcard_proptt2_com.pem

Step 3. Convert the PKCS#12 file to a JKS file with Java's keytool.

cmd: keytool -importkeystore -srckeystore _wildcard_proptt2_com.p12 -srcstoretype pkcs12 -destkeystore proptt.keystore -deststoretype jks

Step 4. Check the keystore file.

cmd: keytool -list -keystore proptt.keystore

Step 5. Change the alias in the keystore. ("1" -> "proptt")

cmd: keytool -changealias -keystore proptt.keystore -alias 1 -destalias proptt
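
A guarded version of Step 1, as an added example that is not part of the ProPTT2 package or the issuer's guide: it refuses to build the PEM when the private key does not belong to the certificate or the certificate has expired, and it creates the PEM readable by its owner only because the file contains the private key. The function names are assumptions made for this example; the file names in the usage comment are the ones listed above.

```shell
#!/bin/sh
# Added example, not ProPTT2 code. Function names are hypothetical.

# Public key (PEM) derived from a private key file; fails on an unreadable key.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key (PEM) embedded in a certificate file.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Return 0 only when the private key belongs to the certificate.
key_matches_cert() {
    k=$(key_pub "$1") || return 1
    c=$(cert_pub "$2") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Return 0 when the certificate stays valid for at least $2 more seconds (default 0).
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Step 1 with checks: build_pem OUT KEY CERT [CHAIN...]
# Same concatenation order as the guide: key, certificate, chain, root.
build_pem() {
    out=$1; key=$2; crt=$3; shift 3
    key_matches_cert "$key" "$crt" || { echo "key does not match $crt" >&2; return 1; }
    cert_not_expired "$crt" || { echo "$crt has expired" >&2; return 1; }
    rm -f "$out"
    # The output holds the private key, so create it with mode 0600.
    ( umask 077 && cat "$key" "$crt" "$@" > "$out" )
}

# Usage with the guide's files:
# build_pem _wildcard_proptt2_com.pem _wildcard_proptt2_com_SHA256WITHRSA.key \
#     _wildcard_proptt2_com.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt
```

The .p12 file from Step 2 also contains the private key; once proptt.keystore has been checked in Step 4, the intermediate .pem and .p12 files can be deleted.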

3) Configuration

You need to configure server.xml at {proptt2 install directory}/apache-tomcat/conf.

You need to configure system.xml at {proptt2 install directory}/ptt-server and video-server.

5. Start

If you want to start RTSP, you need to restart video-server. You can use the command below.

6. Test

6.1 Setup your domain on your PC

You need to configure the hosts file at C:\Windows\System32\drivers\etc as administrator.

6.2 Open adminWeb with HTTPS

Open "https://your.domain:40443/"

7. Remark