Red5 Documentation


Using GoDaddy as your provider requires these steps:

  1. Create your private key and keystore.jks file
    When asked for first and last name, this is NOT your first and last name, but rather it is your Fully Qualified Domain Name for the site you are securing (example: If you are using a Wildcard Certificate the FQDN must begin with the \ character. (example: \

    keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore keystore.jks -storepass changeit

    This will bring you questions like those that follow:

    What is your first and last name?
    What is the name of your organizational unit?
    What is the name of your organization?
    What is the name of your City or Locality?
    What is the name of your State or Province?
    What is the two-letter country code for this unit?
    Is, OU=Dev, O=Red5, L=Boston, ST=MA, C=US correct?
  2. Generate a CSR
    keytool -certreq -keyalg RSA -alias tomcat -file csr.txt -keystore keystore.jks
  3. Submit your CSR to GoDaddy via their online form.
  4. Once available, download your SSL cert files (server type = Tomcat). The zip file from GoDaddy will contain three files:
    • A root and cross-chain bundle certificate file: gd_bundle-g2-g1.crt
    • An intermediate certificate file: gdig2.crt
    • The issued site certificate file, which begins with serial number (e.g. 123abc678901def.crt)
  5. Import the root and cross-chain bundle certificates
    Ensure that you use the exact keystore.jks file that the csr was generated from

    keytool -import -alias root -keystore keystore.jks -trustcacerts -file gd_bundle-g2-g1.crt -storepass changeit -noprompt
  6. Import the intermediate certificate
    keytool -import -alias intermed -keystore keystore.jks -trustcacerts -file gdig2.crt -storepass changeit -noprompt
  7. Import your issued site certificate
    keytool -import -alias tomcat -keystore keystore.jks -trustcacerts -file 123abc678901def.crt -storepass changeit -noprompt
  8. Export the certificate so that it can be added as the trusted certificate:
    keytool -export -alias tomcat -file tomcat.cer -keystore keystore.jks -storepass changeit -noprompt
  9. The exported certificate file, will now be used to populate the truststore. The password for the truststore must be provided. It can be the same, or different, to the one for the keystore. You will need this password for the file.
    keytool -import -trustcacerts -alias tomcat -file tomcat.cer -keystore truststore.jks -storepass changeit -noprompt