Wowza Logo Wowza Icon
Wowza Video Sign Out
Talk to an Expert Free Trial
Wowza Video Sign Out

Wowza Community

PEM vs. PKCS7 cert use (Windows server 2012 R2)

Wowza Streaming Engine
#1

Curious if people have had success with PEM vs. PKCS7 certs. A PEM was successful on one server, but not the other, although I also tried PKCS7 on the server that doesn’t have SSL working yet.

#2

Hello,

Thanks for contacting the wowza community!

Here is a link to our security options: SECURITY

I suggest following the steps of one of the options. They all have been tested and working.

Hope this helps. If any further questions, feel free to contact us.

regards,

Jermaine

#3

Jermaine, thanks for the reply. Trying the Streamlock method was indeed one of my next planned steps. (My goal has been to use the method using an Incommon cert, acquired through our university’s central IT department working, partly to keep our procedures the same (we successfully used the Incommon route on another Windows Server 2012 R2 server)).

Update: I came in today (after having used the PKCS7 method last week), and all systems were go!

The first thing I noticed, was that the SSL checker page (still left open), had apparently refreshed, and showed success! I was both surprised and delighted. I think what happened was either that: 1) the results on Friday were cached (I do recall once seeing a notice that the results were cached to save server resources (they did have a button to manually force a refresh)), or 2) there was some latency for the certificate chain to take effect (I don’t know if that can even happen; just speculating). Secondly, I was testing in JW Players https tester using the server IP address, and not the CNAME which the .jks is listed under. I just tested with the CNAME and it works; and the IP address fails (which I guess is to be expected). So the IP address would never have worked, and even if I’d tested with CNAME, if the certificate chain had not completed, it would not have worked at that time anyway.

References:

https://www.sslshopper.com/ssl-checker.html

https://developer.jwplayer.com/tools/stream-tester/

Bottom line: PKCS7 worked for me, but not PEM, although another Windows Server 2012 R2 system here was set up successfully using PEM.

Bob

© 2007–2024 Wowza Media Systems, LLC. All rights reserved.   Security & Privacy PolicyLegalSystem Status