This document explains how to install TMMS and TCS on a Linux Server (Ubuntu, Debian, Centos)

1. Prerequisites

  • A TIXEO subscription

  • A supported operating system

  • root privilege on the Linux servers

  • Access to a Certificate Authority to obtain 2 certificate (one for the TMMS and one for the TCS)

2. Architecture choice

While the TMMS can only be installed once on a server, the TCS server can be installed on several servers.

2.1. Distributed architecture

  • Recommended for Linux install.

    • Due to the small footprint of a Linux server, we recommend the distributed architecture for better isolation and agility.

  • The TMMS server and the TCS servers are installed on several machines.

  • This can be used to geographically spread TCS servers to be as close as possible to the users.

  • It can also allow to isolate some meetings, by having a public TCS in a DMZ for meetings with external users, and a private TCS on the LAN for internal users.

2.2. All-in-One installation

  • Both TMMS and TCS servers are installed on the same machine.

  • Requires 2 IP addresses on the same machine.

    • WARNING: If your install is fully private with an internal DNS server, take special care when setting up DNS entries, which should not be linked to the server hostname. Make sure the TMMS and TCS FQDNs correctly resolve to the expected IP addresses.

3. Minimum requirements

See the recommended hardware requirements for Tixeo Linux servers.

See the network requirements for Tixeo video conferencing solution.

4. Debian and Ubuntu installation

4.1. Installing and initializing the TMMS

4.1.1. Directories

Throughout this document, we will make reference for some directory.

4.1.1.1. Installation directory

The value for TixeoServerDir is:

/opt/tixeoserver/
4.1.1.2. TMMS Configuration directory

The value for TixeoServerConfDir is:

/etc/tixeoserver/tmms/conf/
4.1.1.3. TMMS Logs directory

The value for TixeoServerLogsDir is:

/var/log/tixeoserver/tmms
4.1.1.4. Working directory

This is the directory where you will store files before installation (Packages, Configuration files) The value for TixeoServerWorkingDir is:

/home/<Username>

4.1.2. Download packages

2 Packages are required for the TMMS installation:

  • tixeoserver-jdk: JDK for Tixeo TMMS

  • tixeoserver-tmms: Tixeo TMMS server

Open the following link: https://dl.tixeo.com And enter your download login and password

Follow the tree

>> Latest-Installer >> Linux >> deb

Download the files below in your TixeoServerWorkingDir. With A.B.C.D for the version number and xx as an arbitrary sequence value (01,02 etc)

xx.tixeoserver-jdk_A.B.C.D_amd64.deb
xx.tixeoserver-tmms_A.B.C.D_amd64.deb

4.1.3. Install JDK package

From your TixeoServerWorkingDir

Install the JDK package

/home/<Username>$ sudo apt install ./xx.tixeoserver-jdk_A.B.C.D_amd64.deb

4.1.4. Install TMMS package

TMMS package require a configuration file for the installation to succeed.

From your TixeoServerWorkingDir

Create config_install_tmms.ini

$ /home/<Username>$ vi config_install_tmms.ini

And paste the content below

[TMMS Settings]
#Name of your company: Used to ask a license and for emails sent to the users
#Also used for Cerficate attribute O: Organization
TMMS_CompanyName=xxx

#TMMS public FQDN address: The FQDN to access the TMMS
#Also used for Cerficate attribute CN: CommonName
TMMS_FQDN=xxx

#TMMS public IPv4 address: The public IP on which the TMMS will listen
TMMS_IP=x.x.x.x

#The login used by the TCSs to connect to the TMMS. Usefull for IaaC deployment of your Tixeo Server
#Minimum password size is 16 characters
TCS_UserName=xxx
TCS_UserPassword=xxx

[Administator Account]
#Account in charge of the meetings management system
#After installation, you’ll be able to add some more administrators

#First name
Admin_Firstname=xxx

#Last name
Admin_Lastname=xxx

#Email address
#user for the admin to logon on the TMMS
Admin_Email=xxx@mycompany.com

#Password (can be empty and in this case, it will be requested during installation)
#Minimum password size is 16 characters
Admin_Password=xxx

[Certificate]
#Certificate information for TMMS server
#Information to generate a private key, keystore and CSR

#OU: OrganizationalUnit (e.g. IT)
Certif_Organisation=xxx

#L: Locality (e.g. Paris)
Certif_City=xxx

#S: StateOrProvinceName (e.g. 75)
Certif_State=xxx

#C: CountryName : Two-letter country code (e.g. FR)
Certif_Country=xx

#Password of the key and the keystore
#Minimum password size is 16 characters
Certif_Password=xxx

#END

Install the TMMS package with the configuration file passed as a prefix

/home/<Username>$ sudo tmms_config_install=/home/<Username>/config_install_tmms.ini apt install ./xx.tixeoserver-tmms_A.B.C.D_amd64.deb

Optional: check the 2 packages are well installed

/home/<Username>$ dpkg -l | grep tixeo
ii  tixeoserver-jdk     16.0.1.2        amd64        JDK for Tixeo TMMS
ii  tixeoserver-tmms    16.0.1.2        amd64        Tixeo TMMS server
note

In case of an installation failed (config_install_tmms.ini to be fixed for instance ), you can uninstall the package with the command below

/home/<Username>$ sudo rm -rf /var/lib/dpkg/info/tixeo*
/home/<Username>$ sudo apt remove tixeoserver-tmms
/home/<Username>$ sudo dpkg --purge --force-all tixeoserver-tmms

4.1.5. Import the certificate

For security purpose, all communication used by Tixeo video conferencing solution are based on TLS.

The TMMS need his own certificate correctly installed in the tomcat keystore.

Based on your security policy and operating constraint, 3 options are available:

4.1.5.1. Generate CSR from the TMMS installation
4.1.5.1.1. Obtain the generated CSR

The first step to obtain your certificate from your PKI is to get the certificate enrollment (certreq.csr file) generated during the TMMS package installation.

From your TixeoServerConfDir, you can get the TMMS server CSR file.

/etc/tixeoserver/tmms/conf/$ cat certreq.csr
-----BEGIN NEW CERTIFICATE REQUEST-----
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFF
-----END NEW CERTIFICATE REQUEST-----

Copy/paste it on the Certificate Authority website to obtain a certificate.

4.1.5.1.2. Import certificates to the tomcat Keystore

After the certificate has been issued by your certification authority, you have to import it into the keystore file.

  • Retrieve the certificates needed:

    • Certification Authority root certificate

    • Intermediate certificates (if any)

    • Issued certificate

  • Move all these certificates in your TixeoServerConfDir

    • In the example below, we have imported 2 certificates

      • CA root certificate (ca.crt)

      • issued certificate (server.crt)

/etc/tixeoserver/tmms/conf/$ ll
total 260
drwxr-xr-x 2 tixeotmms tixeotmms   4096 Feb 10 11:37 ./
drwxr-xr-x 3 tixeotmms tixeotmms   4096 Feb 10 11:29 ../
-rw-r--r-- 1 root      root        1334 Feb 10 11:37 ca.crt
-rw------- 1 tixeotmms tixeotmms  12873 Feb 10 11:29 catalina.policy
-rw------- 1 tixeotmms tixeotmms   7468 Feb 10 11:29 catalina.properties
-rw-r--r-- 1 tixeotmms tixeotmms   1155 Feb 10 11:29 certreq.csr
-rw------- 1 tixeotmms tixeotmms   1400 Feb 10 11:29 context.xml
-rw------- 1 tixeotmms tixeotmms   1149 Feb 10 11:29 jaspic-providers.xml
-rw------- 1 tixeotmms tixeotmms   2313 Feb 10 11:29 jaspic-providers.xsd
-rw-r--r-- 1 tixeotmms tixeotmms   2639 Feb 10 11:29 keystore
-rw------- 1 tixeotmms tixeotmms   4321 Feb 10 11:29 logging.properties
-rw-r--r-- 1 root      root        1318 Feb 10 11:36 server.crt
-rw------- 1 tixeotmms tixeotmms   7765 Feb 10 11:29 server.xml
-rw------- 1 tixeotmms tixeotmms   2164 Feb 10 11:29 tomcat-users.xml
-rw------- 1 tixeotmms tixeotmms   2558 Feb 10 11:29 tomcat-users.xsd
-rw------- 1 tixeotmms tixeotmms 177614 Feb 10 11:29 web.xml
  • keytool will be used to add those certificate to the Tomcat keystore file.

    • keytool is in the bin directory of the JDK you previously installed

      • TixeoServerDir/jdk/current/bin/keytool

  • All the following commands will require the keystore password you entered during the TMMS installation.

  • Install the root certificate:

    • For following command replace <CA_ROOT_FILENAME>

/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -import -trustcacerts -alias ca_root -file <CA_ROOT_FILENAME>.crt -keystore keystore
  • If your certification authority provides intermediate certificates, you need to install each one in the right order. Refer to the documentation provided by your certification authority for more information.

    • For following command replace <INTERMEDIATE_FILENAME>. Install each intermediate certificate, using a different alias.

/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -import -trustcacerts -alias ca_inter1 -file <INTERMEDIATE_FILENAME>.crt -keystore keystore
  • Install the issued certificate:

    • For following command replace <CERTIFICATE_FILENAME>

    • The alias must be tomcat in this case.

/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -import -trustcacerts -alias tomcat -file <CERTIFICATE_FILENAME>.crt -keystore keystore
  • Check if the certificate are well present in the keystore

/etc/tixeoserver/tmms/conf/$ /opt/tixeoserver/jdk/current/bin/keytool -list -v -keystore keystore
4.1.5.2. Import Pre-existing certificate

This section applies only if you have already a certificate (private and public key) and want to use it for the TMMS.
This case usually occurs when wildcard certificates are used.

4.1.5.2.1. Import certificate and keys

From the folder TixeoServerConfDir

  • Retrieve the files needed:

    • Certification Authority root certificate

      • Ca.pem contains the intermediate and root public certificates (concatenated in this order)

 -----BEGIN CERTIFICATE-----
 (CA intermediate certificates)
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 (CA root certificate)
 -----END CERTIFICATE-----
  • TMMS’s certificate

    • server.pem contains the certificate

  • Private key for the TMMS’s certificate

    • server.key contains the private key

Important
  • Make sure your private key is in PEM format. Open it with a text editor, it should start with

-----BEGIN PRIVATE KEY----- in PKCS#8 format
MII...

-----BEGIN RSA PRIVATE KEY----- in PKCS#1 format
MII...
  • Otherwise, convert it with this command

/etc/tixeoserver/tmms/conf/$ openssl rsa -in server_otherfomat.key -out server.key
  • Make sure server and intermediate certificates are in PEM format too.

4.1.5.2.2. .p12 certificate creation

You can now create your .p12 certificate from the previews files with the command below:

/etc/tixeoserver/tmms/conf/$ sudo openssl pkcs12 -export -chain -descert -in server.pem -inkey server.key -out server.p12 -name tomcat -CAfile ca.pem -caname root -passin pass:<server_private_key_password> -passout pass:<p12_password>
Note
<p12_password> field is related to keystorePass= in TixeoServerConfDir/server.xml
4.1.5.2.3. keystore creation

From the folder TixeoServerConfDir
Backup the existing keystore and certreq.csr files

Now, create the new keystore from the .p12 certificate

/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -importkeystore -deststorepass <p12_password> -destkeypass <p12_password> -destkeystore keystore -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass <p12_password> -alias tomcat

The tomcat alias entry should have a chain length > 1 (because it must contain the intermediate and root public CA)
Check if the certificate is well present in the keystore

/etc/tixeoserver/tmms/conf/$ /opt/tixeoserver/jdk/current/bin/keytool -list -v -keystore keystore
4.1.5.2.4. Configure Tomcat for your certificate

Stop tmms service in case its running

$ sudo systemctl stop tmms.service

From the folder TixeoServerConfDir

  • Backup the file server.xml

  • Open the server.xml file in a text editor

    • Change value of attribute keystorePass to the password you used for the keystore

    • Save the file

Start tmms service

$ sudo systemctl start tmms.service

You can now browse this page to check if certificate is well configured (replace your-tmms-fqdn.com by your domain name)

4.1.5.3. Generate CSR yourself

In order to obtain a signed certificate from your certification authority, you first have to generate a Certificate Signing Request (CSR).

From your TixeoServerConfDir
Backup the existing keystore and certreq.scr files.

4.1.5.3.1. keystore creation
/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -ext "SAN=dns:<TMMS_FQDN>" -keystore keystore (1)
  1. <TMMS_FQDN> is the TMMS FQDN defined in TMMS config template

Enter a password. Remember it as it will be used to import certificate and to configure Tomcat.
During this process, you will be prompted for the field below.

  • First and Last Name: TMMS FQDN defined in TMMS config template

  • Organizational Unit: (e.g. DSI)

  • Organization: (e.g. Company A)

  • City/Locality: (e.g. Paris)

  • State/Province: (e.g. 75)

  • Country Code: (e.g. FR)

Type yes to confirm
Hit Enter to set to the key the same password as the keystore.

4.1.5.3.2. CSR generation
/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -certreq -alias tomcat -keyalg RSA -keystore keystore -file certreq.csr

Enter the password provided previously for the keystore.
Submit the CSR file to your certification authority to generate your signed certificate.

  • The CSR file should be available in following location:

/etc/tixeoserver/tmms/conf/certreq.csr
  • If the certification authority asks for which software the certificate is, answer tomcat

4.1.6. Start TMMS service

you can now start TMMS service

$ sudo systemctl start tmms.service

you can also check if TMMS service is UP and running

$ sudo systemctl status tmms.service
● tmms.service - TMMS service (tomcat)
     Loaded: loaded (/etc/tixeoserver/tmms/tmms.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2021-02-10 12:35:57 CET; 8s ago
    Process: 12862 ExecStart=/opt/tixeoserver/tmms/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
   Main PID: 12884 (java)
      Tasks: 20 (limit: 2344)
     Memory: 700.9M
     CGroup: /system.slice/tmms.service
             └─12884 /opt/tixeoserver/jdk/current/bin/java -Djava.util.logging.config.file=/opt/tixeoserver/tmms/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoad>

Feb 10 12:35:57 tmms1 systemd[1]: Starting TMMS service (tomcat)...
Feb 10 12:35:57 tmms1 startup.sh[12862]: Tomcat started.
Feb 10 12:35:57 tmms1 systemd[1]: Started TMMS service (tomcat).

4.1.7. TCP port redirection

The TMMS service listen on the unprivileged port 8443.

You have to add a local redirection 443⇒8443 when the TMMS is not behind a Load-balancer.

This can be easily achieved with the PRE-ROUTING Iptables entry below

$ sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
note

you will need to make this Iptables entry to persist after reboot on. To achieve this step, you can use the package named iptables-persistent (during this package installation, you will be prompted to automatically save the current iptables table, just answer Yes)

4.1.8. Install your tixeo License

  • Login using the TixeoServer administrator account (the email and password you specified during the installation).

  • Click on Administration, then on Accounts

  • Click on View below Subscriptions

  • Click on the link to add a new subscription

  • To obtain a valid license, you must send to Tixeo (support@tixeo.com) the name of your Account and your Subscription ID.

  • Once you obtain the license file, you can upload it and click on Next. The duration of the license and the number of seats will be shown.

Subscription

4.2. Installing a TCS

4.2.1. Directories

Throughout this document, we will make reference for some directory.

4.2.1.1. Installation directory

The value for TixeoServerDir is:

/opt/tixeoserver/tcs
4.2.1.2. TCS Configuration directory

The value for TixeoServerConfDir is:

/etc/tixeoserver/tcs
4.2.1.3. TCS Logs directory

The value for TixeoServerLogsDir is:

/var/log/tixeoserver/tcs
4.2.1.4. Working directory

This is the directory where you will store files before installation (Packages, Configuration files) The value for TixeoServerWorkingDir is:

/home/<Username>

4.2.2. Download TCS packages

1 Package is required for the TCS installation:

  • tixeoserver-tcs: Tixeo TCS server

Open the following link: https://dl.tixeo.com And enter your download login and password

Follow the tree

>> Latest-Installer >> Linux >> deb

Download the files below in your TixeoServerWorkingDir. With A.B.C.D for the version number and xx as an arbitrary sequence value (01,02 etc)

xx.tixeoserver-tcs_A.B.C.D_amd64.deb

4.2.3. Check the TCS user account

To communicate with the TMMS, the TCS uses web sockets and web services with a dedicated user account. This user account is common to all TCS servers.

The TCS user account is the one which has been specified in the TMMS config template You can check the TCS account on your TMMS:

  • Log in the TMMS web pages with an administrator account

  • Click on Administration, Users then search a user containing tcs

  • The email of the TCS user account appears

  • Optional: You can change the account password by clicking on Edit

4.2.4. Install TCS package

From your TixeoServerWorkingDir

Install the TCS package

/home/<Username>$ sudo apt install ./xx.tixeoserver-tcs_A.B.C.D_amd64.deb

Optional: check the package is well installed

/home/<Username>$ dpkg -l | grep tixeo
ii  tixeoserver-tcs    16.0.1.2    amd64   Tixeo TCS Server

4.2.5. TCS configuration stage

TCS linux package comes with a script to help the configuration.

The script tcs-config.sh is located in TixeoServerDir

/opt/tixeoserver/tcs$ ll
total 24
drwxr-xr-x 4 tixeotcs tixeotcs 4096 Feb 11 12:01 ./
drwxr-xr-x 3 root     root     4096 Feb 11 12:01 ../
drwxr-xr-x 3 tixeotcs tixeotcs 4096 Feb 11 12:01 metaserver/
drwxr-xr-x 2 tixeotcs tixeotcs 4096 Feb 11 12:01 servers/
-rwxr-xr-x 1 tixeotcs tixeotcs 2799 Feb 10 17:25 tcs-config.sh*
-rw-r--r-- 1 tixeotcs tixeotcs  522 Feb 10 17:25 tcs.service

The script will address the steps below:

  • TCS network configuration

  • TCS registration to the TMMS: credentials

  • generation of the certificate enrollment CSR

Launch tcs-config.sh with the command below and fill the field requested:

/opt/tixeoserver/tcs$ sudo ./tcs-config.sh

During this process, you will be prompted for the field below

# enter TCS FQDN (fully qualified domain name on which TCS listens for TCC communications)
xxx

# enter TCS public IP address (IP on which TCS listens for TCC communications)
x.x.x.x

# enter TMMS FQDN or IP address (if an IP is set, the TMMS certificate will not be checked)
# an FQDN value is recommended for security consideration to make the TCS to check the TMMS certificate on connection
xxx or x.x.x.x

# enter TCS user login (in order to register the TCS on the TMMS)
# this is the TCS user account (see TMMS config template)
xxx

# enter TCS user password (in order to register the TCS on the TMMS)
# this is the TCS user account (see TMMS config template)
xxx

# Certificate TCS server CSR generation
# enter Organizational Unit (e.g. IT)
xxx

# enter Company Name (e.g. my company)
xxx

# enter State (e.g. 75)
xxx

# enter Two letter country code (e.g. FR)
xxx

4.2.6. Import the certificate

Like the TMMS, the TCS need his own certificate correctly installed, with the difference that the location change.

Based on your security policy and operating constraint, 3 options are available:

4.2.6.1. Generate CSR from the TCS installation
4.2.6.1.1. Obtain the generated CSR

The first step to obtain your certificate from your PKI is to get the certificate enrollment (certreq.csr file) generated during the TCS package installation.

From your TixeoServerConfDir, you can get the TCS server CSR file.

/etc/tixeoserver/tcs/$ cat server.csr
-----BEGIN NEW CERTIFICATE REQUEST-----
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFF
-----END NEW CERTIFICATE REQUEST-----

Copy/paste it on the Certificate Authority website to obtain a certificate.

4.2.6.1.2. Import certificates

With the certificate issued by your certification authority, you have to import it in the TixeoServerConfDir directory.

  • Retrieve the certificates needed:

    • Certification Authority root certificate

    • Intermediate certificates (if any)

    • Issued certificate

  • Move all these certificates in your TixeoServerConfDir

    • In the example below, we have imported 2 certificates

      • CA root certificate (ca.pem)

      • issued certificate (server.pem)

/etc/tixeoserver/tcs/$ ll
total 36
drwxr-xr-x 3 tixeotcs tixeotcs 4096 Feb 11 12:30 ./
drwxr-xr-x 3 root     root     4096 Feb 11 12:01 ../
drwxr-xr-x 2 tixeotcs tixeotcs 4096 Feb 10 17:25 PinnedCerts/
-rw-r--r-- 1 tixeotcs tixeotcs 1334 Feb 11 12:01 ca.pem
-rw-r--r-- 1 tixeotcs tixeotcs 2279 Feb 11 12:26 config.ini
-rw-r--r-- 1 tixeotcs tixeotcs 1756 Feb 11 12:26 server.csr
-rw------- 1 tixeotcs tixeotcs 3272 Feb 11 12:26 server.key
-rw-r--r-- 1 root     root     1639 Feb 11 12:31 server.pem
Important
  • Note regarding the SSL certificate trust chain:

    • In case of intermediate certificate, you have to merge the entire SSL certificate trust chain into PEM files

    • Open a text editor and paste each root and intermediate certificates into a new file in the following order

      • The intermediate certificates

      • The root certificate

    • Make sure to add full content including begin and end tags. Save the resulting file as CA.pem.
      Hereunder, an example of what the result should look like:

-----BEGIN CERTIFICATE-----
(CA intermediate certificates)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(CA root certificate)
-----END CERTIFICATE-----
4.2.6.2. Import Pre-existing certificate

This section applies only if you have already a certificate (private and public key) and want to use it for the TCS.
This case usually appears with wildcard certificate.

The difference with the previous method is you will override the private key generated during the TCS installation.

Move the files below in TixeoServerConfDir:

  • Retrieve the files needed:

    • Certification Authority root certificate

      • Ca.pem contains the intermediate and root public certificates (concatenated in this order)

 -----BEGIN CERTIFICATE-----
 (CA intermediate certificates)
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 (CA root certificate)
 -----END CERTIFICATE-----
  • TCS’s certificate

    • server.pem contains the certificate

  • Private key for the TCS’s certificate

    • server.key contains the private key

      note

      In case server.key is protected by a password, just store this password in the file below:

/etc/tixeoserver/tcs/server_key_pwd.txt
4.2.6.3. Generate CSR yourself

In order to obtain a signed certificate from your certification authority, you first have to generate a Certificate Signing Request (CSR).

Here is how to proceed:

  • From your TixeoServerConfDir

  • Backup the server.key and server.csr files.

  • Use openssl to generate a CSR from a 2048-bit private key.

/etc/tixeoserver/tcs/$ sudo openssl req -newkey rsa:2048 -nodes -sha256 -config /etc/ssl/openssl.cnf -keyout server.key -out server.csr
  • If you are asked for a challenge password, you can leave it blank or set one. If you set one, you should also put it in the following file:

/etc/tixeoserver/tcs/server_key_pwd.txt
  • Submit the CSR file to your certification authority to generate your signed certificate.

    • The CSR file should be available in following location:

/etc/tixeoserver/tcs/server.csr
  • If the certification authority asks for which software the certificate is, answer ApacheSSL or OTHER

4.2.7. Start TCS service

you can now restart TCS service

$ sudo systemctl restart tcs.service

you can also check if TCS service is UP and running

$ sudo systemctl status tcs.service

4.2.8. Check TCS registration to the TMMS

  • Login with your TixeoServer administrator account on the TMMS web page.

  • Click on Administration, Servers.

  • Enable the TCS, see below:

TCS registration

5. Centos installation

5.1. Installing and initializing the TMMS

5.1.1. Directories

Throughout this document, we will make reference for some directory.

5.1.1.1. Installation directory

The value for TixeoServerDir is:

/opt/tixeoserver/
5.1.1.2. TMMS Configuration directory

The value for TixeoServerConfDir is:

/etc/tixeoserver/tmms/conf/
5.1.1.3. TMMS Logs directory

The value for TixeoServerLogsDir is:

/var/log/tixeoserver/tmms
5.1.1.4. Working directory

This is the directory where you will store files before installation (Packages, Configuration files) The value for TixeoServerWorkingDir is:

/home/<Username>

5.1.2. Download packages

2 Packages are required for the TMMS installation:

  • tixeoserver-jdk: JDK for Tixeo TMMS

  • tixeoserver-tmms: Tixeo TMMS server

Open the following link: https://dl.tixeo.com And enter your download login and password

Follow the tree

>> Latest-Installer >> Linux >> rpm

Download the files below in your TixeoServerWorkingDir. With A.B.C.D for the version number and xx as an arbitrary sequence value (01,02 etc)

xx.tixeoserver-jdk_A.B.C.D_amd64.rpm
xx.tixeoserver-tmms_A.B.C.D_amd64.rpm

5.1.3. Install JDK package

From your TixeoServerWorkingDir

Install the JDK package

/home/<Username>$ sudo yum install ./xx.tixeoserver-jdk_A.B.C.D_amd64.rpm

5.1.4. Install TMMS package

TMMS package require a configuration file for the installation to succeed.

From your TixeoServerWorkingDir

Create config_install_tmms.ini

/home/<Username>$ vi config_install_tmms.ini

And paste the content below

[TMMS Settings]
#Name of your company: Used to ask a license and for emails sent to the users
#Also used for Cerficate's attribute O: Organization
TMMS_CompanyName=xxx

#TMMS public FQDN address: The FQDN to access the TMMS
#Also used for Cerficate's attribute CN: CommonName
TMMS_FQDN=xxx

#TMMS public IPv4 address: The public IP on which the TMMS will listen
TMMS_IP=x.x.x.x

#The login used by the TCSs to connect to the TMMS. Usefull for IaaC deployment of your Tixeo Server
#Minimum password size is 16 characters
TCS_UserName=xxx
TCS_UserPassword=xxx

[Administator Account]
#Account in charge of the meetings management system
#After installation, you’ll be able to add some more administrators

#First name
Admin_Firstname=xxx

#Last name
Admin_Lastname=xxx

#Email address
#user for the admin to logon on the TMMS
Admin_Email=xxx@mycompany.com

#Password (can be empty and in this case, it will be requested during installation)
#Minimum password size is 16 characters
Admin_Password=xxx

[Certificate]
#Certificate information for TMMS server
#Information to generate a private key, keystore and CSR

#OU: OrganizationalUnit (e.g. IT)
Certif_Organisation=xxx

#L: Locality (e.g. Paris)
Certif_City=xxx

#S: StateOrProvinceName (e.g. 75)
Certif_State=xxx

#C: CountryName : Two-letter country code (e.g. FR)
Certif_Country=xx

#Password of the key and the keystore
#Minimum password size is 16 characters
Certif_Password=xxx

#END

Install the TMMS package with the configuration file passed as a prefix

/home/<Username>$ sudo tmms_config_install=/home/<Username>/config_install_tmms.ini yum install ./xx.tixeoserver-tmms_A.B.C.D_amd64.rpm

Optional: check the 2 packages are well installed

/home/<Username>$ yum list | grep tixeo
tixeoserver-jdk.x86_64    16.0.1.2- 1   @@commandline
tixeoserver-tmms.x86_64   16.0.1.2-1    @@commandline
note

In case of an installation failed (config_install_tmms.ini to be fixed for instance ), you can uninstall the package with the command below

/home/<Username>$ sudo rm -rf /var/cache/yum
/home/<Username>$ sudo rm -rf /var/cache/dnf
/home/<Username>$ sudo yum clean all
/home/<Username>$ sudo dnf clean all
/home/<Username>$ sudo yum --setopt=tsflags=noscripts remove tixeoserver-jdk -y
/home/<Username>$ sudo yum --setopt=tsflags=noscripts remove tixeoserver-tmms -y
/home/<Username>$ sudo rm -rf /opt/tixeoserver
/home/<Username>$ sudo rm -rf /etc/tixeoserver
/home/<Username>$ sudo rm -rf /var/log/tixeoserver

5.1.5. Import the certificate

For security purpose, all communication used by Tixeo video conferencing solution are based on TLS.

The TMMS need his own certificate correctly installed in the tomcat keystore.

Based on your security policy and operating constraint, 3 options are available:

5.1.5.1. Generate CSR from the TMMS installation
5.1.5.1.1. Obtain the generated CSR

The first step to obtain your certificate from your PKI is to get the certificate enrollment (certreq.csr file) generated during the TMMS package installation.

From your TixeoServerConfDir, you can get the TMMS server CSR file.

/etc/tixeoserver/tmms/conf/$ cat certreq.csr
-----BEGIN NEW CERTIFICATE REQUEST-----
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFF
-----END NEW CERTIFICATE REQUEST-----

Copy/paste it on the Certificate Authority website to obtain a certificate.

5.1.5.1.2. Import certificates to the tomcat Keystore

After the certificate has been issued by your certification authority, you have to import it into the keystore file.

  • Retrieve the certificates needed:

    • Certification Authority root certificate

    • Intermediate certificates (if any)

    • Issued certificate

  • Move all these certificates in your TixeoServerConfDir

    • In the example below, we have imported 2 certificates

      • CA root certificate (ca.crt)

      • issued certificate (server.crt)

/etc/tixeoserver/tmms/conf/$ ll
total 260
drwxr-xr-x 2 tixeotmms tixeotmms   4096 Feb 10 11:37 ./
drwxr-xr-x 3 tixeotmms tixeotmms   4096 Feb 10 11:29 ../
-rw-r--r-- 1 root      root        1334 Feb 10 11:37 ca.crt
-rw------- 1 tixeotmms tixeotmms  12873 Feb 10 11:29 catalina.policy
-rw------- 1 tixeotmms tixeotmms   7468 Feb 10 11:29 catalina.properties
-rw-r--r-- 1 tixeotmms tixeotmms   1155 Feb 10 11:29 certreq.csr
-rw------- 1 tixeotmms tixeotmms   1400 Feb 10 11:29 context.xml
-rw------- 1 tixeotmms tixeotmms   1149 Feb 10 11:29 jaspic-providers.xml
-rw------- 1 tixeotmms tixeotmms   2313 Feb 10 11:29 jaspic-providers.xsd
-rw-r--r-- 1 tixeotmms tixeotmms   2639 Feb 10 11:29 keystore
-rw------- 1 tixeotmms tixeotmms   4321 Feb 10 11:29 logging.properties
-rw-r--r-- 1 root      root        1318 Feb 10 11:36 server.crt
-rw------- 1 tixeotmms tixeotmms   7765 Feb 10 11:29 server.xml
-rw------- 1 tixeotmms tixeotmms   2164 Feb 10 11:29 tomcat-users.xml
-rw------- 1 tixeotmms tixeotmms   2558 Feb 10 11:29 tomcat-users.xsd
-rw------- 1 tixeotmms tixeotmms 177614 Feb 10 11:29 web.xml
  • keytool will be used to add those certificate to the Tomcat keystore file.

    • keytool is in the bin directory of the JDK you previously installed

      • TixeoServerDir/jdk/current/bin/keytool

  • All the following commands will require the keystore password you entered during the TMMS installation.

  • Install the root certificate:

    • For following command replace <CA_ROOT_FILENAME>

/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -import -trustcacerts -alias ca_root -file <CA_ROOT_FILENAME>.crt -keystore keystore
  • If your certification authority provides intermediate certificates, you need to install each one in the right order. Refer to the documentation provided by your certification authority for more information.

    • For following command replace <INTERMEDIATE_FILENAME>. Install each intermediate certificate, using a different alias.

/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -import -trustcacerts -alias ca_inter1 -file <INTERMEDIATE_FILENAME>.crt -keystore keystore
  • Install the issued certificate:

    • For following command replace <CERTIFICATE_FILENAME>

    • The alias must be tomcat in this case.

/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -import -trustcacerts -alias tomcat -file <CERTIFICATE_FILENAME>.crt -keystore keystore
  • Check if the certificate are well present in the keystore

/etc/tixeoserver/tmms/conf/$ /opt/tixeoserver/jdk/current/bin/keytool -list -v -keystore keystore
5.1.5.2. Import Pre-existing certificate

This section applies only if you have already a certificate (private and public key) and want to use it for the TMMS.
This case usually occurs when wildcard certificates are used.

5.1.5.2.1. Import certificate and keys

From the folder TixeoServerConfDir

  • Retrieve the files needed:

    • Certification Authority root certificate

      • Ca.pem contains the intermediate and root public certificates (concatenated in this order)

 -----BEGIN CERTIFICATE-----
 (CA intermediate certificates)
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 (CA root certificate)
 -----END CERTIFICATE-----
  • TMMS’s certificate

    • server.pem contains the certificate

  • Private key for the TMMS’s certificate

    • server.key contains the private key

Important
  • Make sure your private key is in PEM format. Open it with a text editor, it should start with

-----BEGIN PRIVATE KEY----- in PKCS#8 format
MII...

-----BEGIN RSA PRIVATE KEY----- in PKCS#1 format
MII...
  • Otherwise, convert it with this command

/etc/tixeoserver/tmms/conf/$ openssl rsa -in server_otherfomat.key -out server.key
  • Make sure server and intermediate certificates are in PEM format too.

5.1.5.2.2. .p12 certificate creation

You can now create your .p12 certificate from the previews files with the command below:

/etc/tixeoserver/tmms/conf/$ sudo openssl pkcs12 -export -chain -descert -in server.pem -inkey server.key -out server.p12 -name tomcat -CAfile ca.pem -caname root -passin pass:<server_private_key_password> -passout pass:<p12_password>
Note
<p12_password> field is related to keystorePass= in TixeoServerConfDir/server.xml
5.1.5.2.3. keystore creation

From the folder TixeoServerConfDir
Backup the existing keystore and certreq.csr files

Now, create the new keystore from the .p12 certificate

/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -importkeystore -deststorepass <p12_password> -destkeypass <p12_password> -destkeystore keystore -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass <p12_password> -alias tomcat

The tomcat alias entry should have a chain length > 1 (because it must contain the intermediate and root public CA)
Check if the certificate is well present in the keystore

/etc/tixeoserver/tmms/conf/$ /opt/tixeoserver/jdk/current/bin/keytool -list -v -keystore keystore
5.1.5.2.4. Configure Tomcat for your certificate

Stop tmms service in case its running

$ sudo systemctl stop tmms.service

From the folder TixeoServerConfDir

  • Backup the file server.xml

  • Open the server.xml file in a text editor

    • Change value of attribute keystorePass to the password you used for the keystore

    • Save the file

Start tmms service

$ sudo systemctl start tmms.service

You can now browse this page to check if certificate is well configured (replace your-tmms-fqdn.com by your domain name)

5.1.5.3. Generate CSR yourself

In order to obtain a signed certificate from your certification authority, you first have to generate a Certificate Signing Request (CSR).

From your TixeoServerConfDir
Backup the existing keystore and certreq.scr files.

5.1.5.3.1. keystore creation
/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -ext "SAN=dns:<TMMS_FQDN>" -keystore keystore (1)
  1. <TMMS_FQDN> is the TMMS FQDN defined in TMMS config template

Enter a password. Remember it as it will be used to import certificate and to configure Tomcat.
During this process, you will be prompted for the field below.

  • First and Last Name: TMMS FQDN defined in TMMS config template

  • Organizational Unit: (e.g. DSI)

  • Organization: (e.g. Company A)

  • City/Locality: (e.g. Paris)

  • State/Province: (e.g. 75)

  • Country Code: (e.g. FR)

Type yes to confirm
Hit Enter to set to the key the same password as the keystore.

5.1.5.3.2. CSR generation
/etc/tixeoserver/tmms/conf/$ sudo /opt/tixeoserver/jdk/current/bin/keytool -certreq -alias tomcat -keyalg RSA -keystore keystore -file certreq.csr

Enter the password provided previously for the keystore.
Submit the CSR file to your certification authority to generate your signed certificate.

  • The CSR file should be available in following location:

/etc/tixeoserver/tmms/conf/certreq.csr
  • If the certification authority asks for which software the certificate is, answer tomcat

5.1.6. Start TMMS service

you can now start TMMS service

$ sudo systemctl start tmms.service

you can also check if TMMS service is UP and running

$ sudo systemctl status tmms.service
● tmms.service - TMMS service (tomcat)
     Loaded: loaded (/etc/tixeoserver/tmms/tmms.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2021-02-10 12:35:57 CET; 8s ago
    Process: 12862 ExecStart=/opt/tixeoserver/tmms/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
   Main PID: 12884 (java)
      Tasks: 20 (limit: 2344)
     Memory: 700.9M
     CGroup: /system.slice/tmms.service
             └─12884 /opt/tixeoserver/jdk/current/bin/java -Djava.util.logging.config.file=/opt/tixeoserver/tmms/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoad>

Feb 10 12:35:57 tmms1 systemd[1]: Starting TMMS service (tomcat)...
Feb 10 12:35:57 tmms1 startup.sh[12862]: Tomcat started.
Feb 10 12:35:57 tmms1 systemd[1]: Started TMMS service (tomcat).

5.1.7. TCP port redirection

The TMMS service listen on the unprivileged port 8443.

You have to add a local redirection 443⇒8443 when the TMMS is not behind a Load-balancer.

This can be easily achieved with the PRE-ROUTING Iptables entry below

$ sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
note

you will need to make this Iptables entry to persist after reboot on. To achieve this step, you can use the package named iptables-persistent (during this package installation, you will be prompted to automatically save the current iptables table, just answer Yes)

5.1.8. Install your tixeo License

  • Login using the TixeoServer administrator account (the email and password you specified during the installation).

  • Click on Administration, then on Accounts

  • Click on View below Subscriptions

  • Click on the link to add a new subscription

  • To obtain a valid license, you must send to Tixeo (support@tixeo.com) the name of your Account and your Subscription ID.

  • Once you obtain the license file, you can upload it and click on Next. The duration of the license and the number of seats will be shown.

Subscription

5.2. Installing a TCS

5.2.1. Directories

Throughout this document, we will make reference for some directory.

5.2.1.1. Installation directory

The value for TixeoServerDir is:

/opt/tixeoserver/tcs
5.2.1.2. TCS Configuration directory

The value for TixeoServerConfDir is:

/etc/tixeoserver/tcs
5.2.1.3. TCS Logs directory

The value for TixeoServerLogsDir is:

/var/log/tixeoserver/tcs
5.2.1.4. Working directory

This is the directory where you will store files before installation (Packages, Configuration files) The value for TixeoServerWorkingDir is:

/home/<Username>

5.2.2. Download TCS packages

1 Package is required for the TCS installation:

  • tixeoserver-tcs: Tixeo TCS server

Open the following link: https://dl.tixeo.com And enter your download login and password

Follow the tree

>> Latest-Installer >> Linux >> rpm

Download the files below in your TixeoServerWorkingDir. With A.B.C.D for the version number and xx as an arbitrary sequence value (01,02 etc)

xx.tixeoserver-tcs_A.B.C.D_amd64.rpm

5.2.3. Check the TCS user account

To communicate with the TMMS, the TCS uses web sockets and web services with a dedicated user account. This user account is common to all TCS servers.

The TCS user account is the one which has been specified in the TMMS config template You can check the TCS account on your TMMS:

  • Log in the TMMS web pages with an administrator account

  • Click on Administration, Users then search a user containing tcs

  • The email of the TCS user account appears

  • Optional: You can change the account password by clicking on Edit

5.2.4. Install TCS package

From your TixeoServerWorkingDir

Install the TCS package

/home/<Username>$ sudo yum install ./xx.tixeoserver-tcs_A.B.C.D_amd64.rpm

Optional: check the package is well installed

/home/<Username>$ sudo yum list | grep tixeo
tixeoserver-tcs.x86_64    16.0.1.2-1    @@commandline

5.2.5. TCS configuration stage

TCS linux package comes with a script to help the configuration.

The script tcs-config.sh is located in TixeoServerDir

/opt/tixeoserver/tcs$ ll
total 24
drwxr-xr-x 3 tixeotcs tixeotcs 4096 Feb 11 12:01 metaserver/
drwxr-xr-x 2 tixeotcs tixeotcs 4096 Feb 11 12:01 servers/
-rwxr-xr-x 1 tixeotcs tixeotcs 2799 Feb 10 17:25 tcs-config.sh*
-rw-r--r-- 1 tixeotcs tixeotcs  522 Feb 10 17:25 tcs.service

The script will address the steps below:

  • TCS network configuration

  • TCS registration to the TMMS: credentials

  • generation of the certificate enrollment CSR

Launch tcs-config.sh with the command below and fill the field requested:

/opt/tixeoserver/tcs$ sudo ./tcs-config.sh

During this process, you will be prompted for the field below

# enter TCS FQDN (fully qualified domain name on which TCS listens for TCC communications)
xxx

# enter TCS public IP address (IP on which TCS listens for TCC communications)
x.x.x.x

# enter TMMS FQDN or IP address (if an IP is set, the TMMS certificate will not be checked)
# an FQDN value is recommended for security consideration to make the TCS to check the TMMS certificate on connection
xxx or x.x.x.x

# enter TCS user login (in order to register the TCS on the TMMS)
# this is the TCS user account (see TMMS config template)
xxx

# enter TCS user password (in order to register the TCS on the TMMS)
# this is the TCS user account (see TMMS config template)
xxx

# Certificate TCS server CSR generation
# enter Organizational Unit (e.g. IT)
xxx

# enter Company Name (e.g. my company)
xxx

# enter State (e.g. 75)
xxx

# enter Two letter country code (e.g. FR)
xxx

5.2.6. Import the certificate

Like the TMMS, the TCS need his own certificate correctly installed, with the difference that the location change.

Based on your security policy and operating constraint, 3 options are available:

5.2.6.1. Generate CSR from the TCS installation
5.2.6.1.1. Obtain the generated CSR

The first step to obtain your certificate from your PKI is to get the certificate enrollment (certreq.csr file) generated during the TCS package installation.

From your TixeoServerConfDir, you can get the TCS server CSR file.

/etc/tixeoserver/tcs/$ cat server.csr
-----BEGIN NEW CERTIFICATE REQUEST-----
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFF
-----END NEW CERTIFICATE REQUEST-----

Copy/paste it on the Certificate Authority website to obtain a certificate.

5.2.6.1.2. Import certificates

With the certificate issued by your certification authority, you have to import it in the TixeoServerConfDir directory.

  • Retrieve the certificates needed:

    • Certification Authority root certificate

    • Intermediate certificates (if any)

    • Issued certificate

  • Move all these certificates in your TixeoServerConfDir

    • In the example below, we have imported 2 certificates

      • CA root certificate (ca.pem)

      • issued certificate (server.pem)

/etc/tixeoserver/tcs/$ ll
total 36
drwxr-xr-x 3 tixeotcs tixeotcs 4096 Feb 11 12:30 ./
drwxr-xr-x 3 root     root     4096 Feb 11 12:01 ../
drwxr-xr-x 2 tixeotcs tixeotcs 4096 Feb 10 17:25 PinnedCerts/
-rw-r--r-- 1 tixeotcs tixeotcs 1334 Feb 11 12:01 ca.pem
-rw-r--r-- 1 tixeotcs tixeotcs 2279 Feb 11 12:26 config.ini
-rw-r--r-- 1 tixeotcs tixeotcs 1756 Feb 11 12:26 server.csr
-rw------- 1 tixeotcs tixeotcs 3272 Feb 11 12:26 server.key
-rw-r--r-- 1 root     root     1639 Feb 11 12:31 server.pem
Important
  • Note regarding the SSL certificate trust chain:

    • In case of intermediate certificate, you have to merge the entire SSL certificate trust chain into PEM files

    • Open a text editor and paste each root and intermediate certificates into a new file in the following order

      • The intermediate certificates

      • The root certificate

    • Make sure to add full content including begin and end tags. Save the resulting file as CA.pem.
      Hereunder, an example of what the result should look like:

-----BEGIN CERTIFICATE-----
(CA intermediate certificates)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(CA root certificate)
-----END CERTIFICATE-----
5.2.6.2. Import Pre-existing certificate

This section applies only if you have already a certificate (private and public key) and want to use it for the TCS.
This case usually appears with wildcard certificate.

The difference with the previous method is you will override the private key generated during the TCS installation.

Move the files below in TixeoServerConfDir:

  • Retrieve the files needed:

    • Certification Authority root certificate

      • Ca.pem contains the intermediate and root public certificates (concatenated in this order)

 -----BEGIN CERTIFICATE-----
 (CA intermediate certificates)
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 (CA root certificate)
 -----END CERTIFICATE-----
  • TCS’s certificate

    • server.pem contains the certificate

  • Private key for the TCS’s certificate

    • server.key contains the private key

      note

      In case server.key is protected by a password, just store this password in the file below:

/etc/tixeoserver/tcs/server_key_pwd.txt
5.2.6.3. Generate CSR yourself

In order to obtain a signed certificate from your certification authority, you first have to generate a Certificate Signing Request (CSR).

Here is how to proceed:

  • From your TixeoServerConfDir

  • Backup the server.key and server.csr files.

  • Use openssl to generate a CSR from a 2048-bit private key.

/etc/tixeoserver/tcs/$ sudo openssl req -newkey rsa:2048 -nodes -sha256 -config /etc/ssl/openssl.cnf -keyout server.key -out server.csr
  • If you are asked for a challenge password, you can leave it blank or set one. If you set one, you should also put it in the following file:

/etc/tixeoserver/tcs/server_key_pwd.txt
  • Submit the CSR file to your certification authority to generate your signed certificate.

    • The CSR file should be available in following location:

/etc/tixeoserver/tcs/server.csr
  • If the certification authority asks for which software the certificate is, answer ApacheSSL or OTHER

5.2.7. Start TCS service

you can now restart TCS service

$ sudo systemctl restart tcs.service

you can also check if TCS service is UP and running

$ sudo systemctl status tcs.service

5.2.8. Check TCS registration to the TMMS

  • Login with your TixeoServer administrator account on the TMMS web page.

  • Click on Administration, Servers.

  • Enable the TCS, see below:

TCS registration

6. Finalizing the installation

The TMMS and the TCS are now installed and running.

You can now finalize your Tixeo conferencing as described in the TixeoServer Admin guide with the following macro step:

  • Test the email settings if any. See Email settings TixeoServer Admin guide .

  • Add an organizer (it can be the administrator account or any other new user account). See Manage organizers in the TixeoServer Admin guide .

  • Create a meeting using an organizer account.

  • Install the TCC.

  • Connect to the meeting and enjoy.

7. Technical Specifications

7.1. Supported Distributions

TMMS (Tixeo Meeting Management Server) and TCS (Tixeo Communication Server) are available in binary form only.

7.1.1. CentOS

rpm package

  • 8.0+ (x86_64)

7.1.2. Debian

deb package

  • 9 (x86_64)

  • 10 (x86_64)

7.1.3. Ubuntu

deb package

  • 18.04 LTS (x86_64)

  • 20.04 LTS (x86_64)

7.2. Hardware requirements

Requirements For the TMMS For the TCS

CPU

4 vCPU (2,5 Ghz min)

4 vCPU (2,5 Ghz min)

RAM

6 GB

8 GB

HDD

60 GB

40 GB

Requirements are cumulative for All-in-One installation

7.3. Network requirements

Requirements For the TMMS For the TCS

IP address needed

1

1

Listening Port

HTTPS (443) IN HTTP (80) IN

HTTPS (443) IN

FQDN

1

1

Certificates

1

1

DNS

The FQDN should be resolvable for all clients, internal or external if installed in a DMZ, but also by the TMMS and TCS