and ran into the issue of the private key not matching the cert because I need to use the key that I already have.
So then I followed another how-to that used my current key and turned it into a Java keystore, and then used that keystore with keytool to import my root CA and my wildcard cert. I know this is possible because I use the same method for my email server's Jetty keystore. Everything seemed to work correctly until I restarted Wowza with debug logging turned on and tried to hit the HTTPProvider running on port 443, or any application stream on port 443.
In the logs I see the SSL handshake start and then fail:
DEBUG server comment - null doHandshake()
DEBUG server comment - null handshakeStatus=NEED_UNWRAP
DEBUG server comment - null unwrapHandshake()
DEBUG server comment - null inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=322 cap=16665]
DEBUG server comment - null appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
INFO server comment - ServerHandler.exceptionCaught[[any]:443:ip_address]: javax.net.ssl.SSLHandshakeException: SSL handshake failed.
DEBUG server comment - null Closed: org.apache.mina.filter.support.SSLHandler@6c0ec436
- - - - -
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
What am I missing? Or rather, where did I go wrong?
My keystore currently resembles this:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
root, Jun 14, 2012, trustedCertEntry,
Certificate fingerprint (MD5): B6:4C:...
wowza, Jun 14, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): B9:A0:....
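As an added example (not from the original post, and not Wowza's own tooling), the steps the post describes, reproduced as a script: check first that the existing private key really belongs to the wildcard certificate, then build the JKS by way of PKCS12 so that the wildcard certificate becomes the chain of the PrivateKeyEntry rather than a separate trusted entry, and finally import the root CA as a trustedCertEntry. The file names (wildcard.key, wildcard.crt, root.crt), the alias "wowza" and the password "changeit" are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds a JKS keystore from an
# EXISTING PEM private key, the wildcard certificate and the root CA, and first
# checks that key and certificate belong together.
# Assumed inputs (names are assumptions): wildcard.key wildcard.crt root.crt
# Assumed alias and store/key password (assumptions): "wowza", "changeit"

# Return 0 if the private key and the certificate carry the same public key.
# This is the check behind the "private key does not match the cert" error.
key_matches_cert() {
  key="$1"; crt="$2"
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl md5)
  crt_pub=$(openssl x509 -in "$crt" -pubkey -noout 2>/dev/null | openssl md5)
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Build the keystore. Key, server cert and root go in together through PKCS12,
# so keytool stores the server cert as the chain of the PrivateKeyEntry; the
# root is then imported a second time as its own trustedCertEntry.
build_keystore() {
  key="$1"; crt="$2"; root="$3"; jks="$4"
  alias=wowza; pass=changeit
  key_matches_cert "$key" "$crt" || { echo "key does not match certificate" >&2; return 1; }
  openssl pkcs12 -export -inkey "$key" -in "$crt" -certfile "$root" \
      -name "$alias" -passout "pass:$pass" -out "$jks.p12" || return 1
  rm -f "$jks"
  keytool -importkeystore -srckeystore "$jks.p12" -srcstoretype PKCS12 \
      -srcstorepass "$pass" -srcalias "$alias" \
      -destkeystore "$jks" -deststoretype JKS -deststorepass "$pass" \
      -destkeypass "$pass" -destalias "$alias" -noprompt || return 1
  keytool -importcert -trustcacerts -alias root -file "$root" \
      -keystore "$jks" -storepass changeit -noprompt || return 1
  rm -f "$jks.p12"
}

# List the entries; expect one PrivateKeyEntry (wowza) and one trustedCertEntry (root).
keystore_summary() {
  keytool -list -keystore "$1" -storepass changeit
}

# Usage: sh build-wowza-jks.sh wildcard.key wildcard.crt root.crt wowza.jks
if [ "$#" -eq 4 ]; then
  build_keystore "$@" && keystore_summary "$4"
fi
```

The same store password is deliberately used for the store and for the key entry (the -destkeypass flag) so that a server reading the store with a single password can open both; `keytool -list -v` on the result should show the wildcard certificate as the first element of the wowza entry's chain.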