Wowza Community

Does Wowza streamlock support Subject Alternative Name?

Using a Wowza StreamLock certificate, I am getting the following error in Chrome: NET::ERR_CERT_COMMON_NAME_INVALID

According to Google, beginning with Chrome 58, the Chrome browser no longer uses the Common Name (CN) field to validate an SSL certificate. Instead, it only uses the Subject Alternative Name field.

Tech support is suggesting that this error can be thrown if your StreamLock certificate has expired @sAM ElMorabit. You can check the status here:

https://www.sslshopper.com/ssl-checker.html

They tested StreamLock in the latest version of Chrome and had no issue. If your certificate is still valid and that’s not the issue, please submit a support ticket and we’ll diagnose the problem for you.

https://www.wowza.com/support/open-ticket

Hi,

The error suggests some other issue as it is saying the common name is invalid.

How have you got your VHost.xml configured and how are you accessing your server, i.e. what is the URL you are using?

Andrew.

To answer directly though your question about whether or not Wowza Streamlock supports Subject Alternative Name field, yes it does.

Please see this example:

 ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: 50c68a6b4a093.streamlock.net
  DNSName: www.50c68a6b4a093.streamlock.net
]

The following is the URL I am using:

https://66.77.62.29/CHAN-375/CHAN-375_1.stream/playlist.m3u8

as for VHost.xml:

StreamLock

443 192.168.116.29

Streaming

${com.wowza.wms.TuningAuto}

true 65000 65000 65000 true 100

cupertinostreaming,smoothstreaming,sanjosestreaming,dvrchunkstreaming,mpegdashstreaming

com.wowza.wms.http.HTTPCrossdomain *crossdomain.xml none

com.wowza.wms.http.HTTPClientAccessPolicy *clientaccesspolicy.xml none com.wowza.wms.http.HTTPProviderMediaList *jwplayer.rss|*jwplayer.smil|*medialist.smil|*manifest-rtmp.f4m none

com.wowza.wms.timedtext.http.HTTPProviderCaptionFile .ttml|.srt|.scc|.vtt none com.wowza.wms.webrtc.http.HTTPWebRTCExchangeSessionInfo

*webrtc-session.json none

com.wowza.wms.http.HTTPServerVersion * none

C:/Program Files (x86)/Wowza Media Systems/Wowza Streaming Engine 4.7.5/conf/5bac76fd46024.streamlock.net.jks

xxxxxxxxx

JKS

TLS

SunX509 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV,TLS_DH_anon_WITH_AES_128_GCM_SHA256,TLS_DH_anon_WITH_AES_128_CBC_SHA256,TLS_ECDH_anon_WITH_AES_128_CBC_SHA,TLS_DH_anon_WITH_AES_128_CBC_SHA,TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DH_anon_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_ECDHE_ECDSA_WITH_NULL_SHA,TLS_ECDHE_RSA_WITH_NULL_SHA,SSL_RSA_WITH_NULL_SHA,TLS_ECDH_ECDSA_WITH_NULL_SHA,TLS_ECDH_RSA_WITH_NULL_SHA,TLS_ECDH_anon_WITH_NULL_SHA,SSL_RSA_WITH_NULL_MD5,TLS_KRB5_WITH_3DES_EDE_CBC_SHA,TLS_KRB5_WITH_3DES_EDE_CBC_MD5,TLS_KRB5_WITH_DES_CBC_SHA,TLS_KRB5_WITH_DES_CBC_MD5,TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5

SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2

Hi,

The problem I suspect is you are using this URL

https://66.77.62.29/CHAN-375/CHAN-375_1.stream/playlist.m3u8

it should be

https://5bac76fd46024.streamlock.net/CHAN-375/CHAN-375_1.stream/playlist.m3u8

When accessing an SSL connection the CN name, so in the certificate MUST match the URL being accessed, otherwise the certificate is not valid for the connection.

Please try the following

https://5bac76fd46024.streamlock.net/serverinfo

and

https://66.77.62.29/serverinfo

The first should show the server version, the second should give you the SSL error you have been experiencing before.

I assume you are also behind a NAT firewall, as the IP address configured on the server is 192.168.116.29 and your public URLs are 66.77.62.29.

Andrew.
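
The check discussed in this thread, as an added example that is not part of the original posts or Wowza's code: it compares the host part of a URL with a certificate's Subject Alternative Name entries and ignores the CN, as the Chrome 58 behaviour quoted above describes. The certificate is a constructed dict in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and its SAN list is an assumption modelled on the keytool example earlier in the thread.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# Assumption: the SAN entries mirror the keytool example earlier in the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "5bac76fd46024.streamlock.net"),),),
    "subjectAltName": (
        ("DNS", "5bac76fd46024.streamlock.net"),
        ("DNS", "www.5bac76fd46024.streamlock.net"),
    ),
}


def _dns_match(pattern, host):
    """Match one dNSName entry; '*' may only stand for the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse over-broad patterns such as '*.net' and empty host labels.
        return len(p_labels) > 2 and bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def san_matches(cert, host):
    """Return (ok, reason) for the host part of a URL, ignoring the CN field."""
    sans = cert.get("subjectAltName", ())
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # IP literals are compared only with iPAddress entries, never dNSName.
        ips = [v for k, v in sans if k == "IP Address"]
        ok = any(ipaddress.ip_address(v) == addr for v in ips)
        return ok, "iPAddress SAN match" if ok else "no iPAddress SAN for %s" % host
    names = [v for k, v in sans if k == "DNS"]
    ok = any(_dns_match(n, host) for n in names)
    return ok, "dNSName SAN match" if ok else "no dNSName SAN for %s" % host


if __name__ == "__main__":
    # The two hosts from the thread: the StreamLock name and the public IP.
    for h in ("5bac76fd46024.streamlock.net", "66.77.62.29"):
        print(h, san_matches(SAMPLE_CERT, h))
```

To run the same check against a live server, pass the dict returned by `getpeercert()` on a connected `ssl.SSLSocket` in place of `SAMPLE_CERT`.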