
Monday, May 15, 2017

How to Apply an SSL Certificate on BigBlueButton | Enable SSL on BigBlueButton | BigBlueButton SSL certificate | Nginx configuration for BigBlueButton

To enable SSL on BigBlueButton, follow the steps below.


To apply an SSL certificate on BigBlueButton you need a valid certificate. To obtain a valid certificate from an SSL service provider, you first have to generate a CSR (Certificate Signing Request).

To generate the CSR and private key, follow the tutorial below.

How to Generate Private key and CSR on Windows to Obtain SSL Certificate.

Upload the generated CSR to the SSL provider's website (such as Comodo, GoDaddy, etc.) and obtain the SSL certificate.

Note: Download the SSL bundle for the NGINX web server.

Once you have downloaded the SSL certificate bundle, follow the steps below to apply it on BigBlueButton.

1. Create a directory named "ssl" inside the Nginx directory. The name is lowercase so that it matches the paths used in the following steps.

$ sudo mkdir /etc/nginx/ssl

2. Create a file inside the ssl directory, named after your domain, and enter the private key you generated using the tutorial linked above.

$ sudo vi /etc/nginx/ssl/www.example.com.key

Paste the private key into the www.example.com.key file.

3. Now copy the "crt" file to the ssl directory on your server and rename it with your domain name, e.g. www.example.com.crt. You can use WinSCP to perform this task.

4. Now generate a set of 2048-bit Diffie-Hellman parameters using the command below.

Note: Run this command from inside the "ssl" directory.

$ sudo openssl dhparam -out /etc/nginx/ssl/dhp-2048.pem 2048

5. Now edit the nginx bigbluebutton file as shown below.

$ sudo vi /etc/nginx/sites-available/bigbluebutton

Enter the configuration below. Only the beginning of the server block is shown; leave the rest of the block in the file as it is.

server {
  server_name www.example.com;
  listen 80;
  listen [::]:80;
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_certificate /etc/nginx/ssl/www.example.com.crt;
  ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
  ssl_prefer_server_ciphers on;

  ssl_dhparam /etc/nginx/ssl/dhp-2048.pem;

Replace www.example.com with your own domain name in the above configuration.

6. Now edit the FreeSWITCH external profile as shown below. Replace ws-binding with wss-binding and port number 5066 with 7443.

$ sudo vi /opt/freeswitch/conf/sip_profiles/external.xml

<param name="tls-version" value="$${sip_tls_version}"/>

<param name="wss-binding" value=":7443"/>

7. Now update the file below, changing http to https and port 5066 to 7443.

$ sudo vi /etc/bigbluebutton/nginx/sip.nginx

location /ws {

  proxy_pass https://10.10.10.10:7443;

8. Use the command "sudo vi /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties" and change http to https as shown below.

bigbluebutton.web.serverURL=https://bigbluebutton.example.com 

9. If you are using BigBlueButton 1.1 or higher, you also need to edit the file below and change http to https.

$ sudo vi /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties

jnlpUrl=https://bigbluebutton.example.com/screenshare

jnlpFile=https://bigbluebutton.example.com/screenshare/screenshare.jnlp

10. Now it is very important to edit config.xml and change all the URLs to https. You can use the command below to do this in one pass.

$ sudo sed -e 's|http://|https://|g' -i /var/www/bigbluebutton/client/conf/config.xml

If you want to revert the change, use the command below.

$ sudo sed -e 's|https://|http://|g' -i /var/www/bigbluebutton/client/conf/config.xml

This changes https back to http.

11. If you have installed the demo, you need to edit one more file, as shown below, and change http to https.

$ sudo vi /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp

String BigBlueButtonURL = "https://bigbluebutton.example.com/bigbluebutton/";

Finally, restart BigBlueButton to apply the configuration changes.

Use the command "sudo bbb-conf --restart" or "sudo bbb-conf --clean" to restart BigBlueButton.

You are now done with the SSL certificate.
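
To confirm the result of steps 1 to 11, the read-only script below (an added example, not part of the original post) checks that the private key matches the certificate, that the key file is not accessible to group or other users, that the nginx file does not enable SSLv2/3, TLSv1 or TLSv1.1, and that no http:// URLs remain in the BigBlueButton files you pass to it. The function names and the script name check.sh are assumptions; it needs the openssl command-line tool.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): read-only checks for the steps above.
# Requires the openssl CLI. Function names are illustrative.

# 0 if the certificate and the private key contain the same public key.
key_matches_cert() {   # key_matches_cert CERT KEY
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$c" = "$k" ]
}

# 0 if group and other have no access to the key file (e.g. mode 600).
key_is_private() {     # key_is_private KEY
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints ssl_protocols lines that enable SSLv2/3, TLSv1 or TLSv1.1
# (TLS 1.0 and 1.1 were deprecated by RFC 8996). 0 if any are found.
weak_protocols() {     # weak_protocols NGINX_SITE_FILE
  grep -nE 'ssl_protocols[^;]*[[:space:]](SSLv[23]|TLSv1(\.1)?)([[:space:]]|;)' "$1"
}

# Prints file:line:text for each plain-http URL left behind. 0 if any are found.
leftover_http() {      # leftover_http FILE...
  grep -Hn 'http://' "$@"
}

# audit CERT KEY NGINX_SITE_FILE [BBB_CONFIG_FILE...]; returns 1 on any FAIL.
audit() {
  local cert="$1" key="$2" site="$3" rc=0
  shift 3
  key_matches_cert "$cert" "$key" || { echo "FAIL: key unreadable or does not match $cert"; rc=1; }
  key_is_private "$key" || { echo "FAIL: $key is accessible to group or other"; rc=1; }
  if weak_protocols "$site"; then echo "WARN: deprecated protocol enabled in $site"; fi
  if [ "$#" -gt 0 ] && leftover_http "$@"; then echo "FAIL: http:// URLs remain"; rc=1; fi
  return "$rc"
}

# Runs only when called with arguments, for example:
#   sudo bash check.sh /etc/nginx/ssl/www.example.com.crt /etc/nginx/ssl/www.example.com.key \
#     /etc/nginx/sites-available/bigbluebutton /var/www/bigbluebutton/client/conf/config.xml
if [ "$#" -ge 3 ]; then audit "$@"; fi
```

Run against the configuration from step 5 as written, the script prints a WARN for the ssl_protocols line because it lists TLSv1 and TLSv1.1.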

Comment below if you face any issues.

3 comments:

  1. Do you have any work around on self-signed certificate? I am using self-signed certificate and it is getting rejected by bbb itself.

  2. I was suggested this website by my cousin. I’m not sure whether this post is written by him as no one else know such detailed about my trouble. You’re wonderful! Thanks! website design

  3. SSL Certificates Provider is the highest layer of the Open Systems Interconnect (OSI) model but the protocol for security operates in a sub-layer where it encrypts HTTP messages before transmission. The SSL cryptographic system utilizes two keys, one public and one private, for data encryption.


Copyright © 2017 | Aayush Kamboj. Powered by Blogger.