wildcard SSL certificate usage
I have a wildcard SSL certificate that I'd like to add to my Wowza install. I followed the guide here:
http://www.wowza.com/forums/content.php?128, but only the parts about importing certificates and configuring VHOST.xml. I ran the following commands:
The first to add the CA's certificate, and the second to add the certificate specific to my domain name.
In VHost.xml, I removed the comment tags from the SSL vhost. It was pretty much all ready to go, I just changed the KeyStorePath to reflect the same name I used above, and added my password to KeyStorePassword. I also changed the port from 443 to 4433.
Wowza starts up fine, but when I try to access the sever in the browser to simply return the version number I get nothing. I enabled DEBUG logging and am seeing "SSL handshake failed messages." So something went wrong, I'm guessing in the import part. Can anyone give me any clues here?
Thanks!
keytool -import -alias root -trustcacerts -file intermediate.crt -keystore ssl.mydomain.com.cert keytool -import -alias wowza -trustcacerts -file mydomain.crt -keystore ssl.mydomain.com.cert
The first to add the CA's certificate, and the second to add the certificate specific to my domain name.
In VHost.xml, I removed the comment tags from the SSL vhost. It was pretty much all ready to go, I just changed the KeyStorePath to reflect the same name I used above, and added my password to KeyStorePassword. I also changed the port from 443 to 4433.
Wowza starts up fine, but when I try to access the sever in the browser to simply return the version number I get nothing. I enabled DEBUG logging and am seeing "SSL handshake failed messages." So something went wrong, I'm guessing in the import part. Can anyone give me any clues here?
Thanks!
What browser are you using? There is some problem with Chrome.
Richard
Richard
Richard,
I don't think this is a browser problem. I've tried in IE8, FF and used a SSL checker utility found here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO9556
All do not work.
In doing a little more research, I have come across this: http://www.agentbob.info/agentbob/79-AB.html This writeup talks about importing an existing certificate that has already been created into a java keystore. This is the case I'm in. I have a wildcard certificate that was was generated from an openssl csr. If I follow these directions and then use keytool to import the root certificate I no longer get the "SSL handshake failed" message, but for some reason it still doesnt work. Here is what I get in the log:
Any other ideas?
I don't think this is a browser problem. I've tried in IE8, FF and used a SSL checker utility found here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO9556
All do not work.
In doing a little more research, I have come across this: http://www.agentbob.info/agentbob/79-AB.html This writeup talks about importing an existing certificate that has already been created into a java keystore. This is the case I'm in. I have a wildcard certificate that was was generated from an openssl csr. If I follow these directions and then use keytool to import the root certificate I no longer get the "SSL handshake failed" message, but for some reason it still doesnt work. Here is what I get in the log:
INFO server comment - Wowza Media Server is started! DEBUG server comment - open INFO server comment - handshake0: 103 INFO server comment - handshake0: 110 DEBUG server comment - sessionClosed: send close DEBUG server comment - sessionClosed: closeConnection: vhost:_defaultVHost_ clientId:1811777746 INFO session disconnect 1811777746 - DEBUG server comment - ServerHandler.handleSessionIdle: isDidClose
Any other ideas?
Richard,
I got it work. I talked to RapidSSL about the issue and they directed me here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO17070&actp=search&viewlocale=en_US&searchid=1341956626144
On top of the openssl command, I did have to append the Equifax Secure Certificate Authority Root CA certificate to the bottom the RapidSSL intermediate CA file. I also had to change the SSLConfig/KeyStoreType to PKCS12.
I got it work. I talked to RapidSSL about the issue and they directed me here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO17070&actp=search&viewlocale=en_US&searchid=1341956626144
On top of the openssl command, I did have to append the Equifax Secure Certificate Authority Root CA certificate to the bottom the RapidSSL intermediate CA file. I also had to change the SSLConfig/KeyStoreType to PKCS12.
Great! Thanks for the update. This should help others.
Richard
Richard
Open /conf/log4j.properties file in a text editor, then in the top line, change "INFO" to "DEBUG". This will increase logging about 10 fold and probably create too much noise to see what is important. In some cases it is useful, but more often it is not.
Richard
Richard
That's going to be really good. Till I would like to develop some addons...
_________________
GeoTrsut SSL Certificate
_________________
GeoTrsut SSL Certificate
