Is there a simple walkthrough on how to get RTMPS over TLS working with a self-signed certificate? I’m having problems generating the self-signed certificate.
Take a look at this guide:
https://www.wowza.com/docs/how-to-request-an-ssl-certificate-from-a-certificate-authority
Richard
Getting an SSL certificate set up is really hard and hard to debug. Be sure you have imported all the root certificates from the certificate authority into your keystore. The problem is there is just not a good way to debug. The info that is logged and loggable just does not help. I am not sure what to suggest.
Charlie
Richard pointed you to the documentation that we have. Self-signed certificates are not going to work very well. You really need to get a certificate from a certificate authority to make it work in a more general sense.
Charlie
I’m not sure how to do that, but this article came to the top of a search:
http://www.akadia.com/services/ssh_test_certificate.html
Richard
Thanks, that gets me all the way up to self-signing the certificate, but it doesn’t say how to do that. Can you help me take that example and simply self-sign the certificate?
Ok, I guess I’ll keep looking around then.
I have things somewhat working here, but whenever I try to connect, I get NetConnection.Connect.Failed.
Here’s my server log:
DEBUG server comment - null doHandshake()
DEBUG server comment - null handshakeStatus=NEED_UNWRAP
DEBUG server comment - null unwrapHandshake()
DEBUG server comment - null inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=0 cap=16665]
DEBUG server comment - null appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
DEBUG server comment - null Unwrap res:Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP
bytesConsumed = 0 bytesProduced = 0
DEBUG server comment - null Data Read: org.apache.mina.filter.support.SSLHandler@7979a49f (HeapBuffer[pos=0 lim=57 cap=24000: 80 37 01 03 01 00 1E 00 00 00 10 00 00 04 00 FE FF 00 00 0A 00 FE FE 00 00 09 00 00 64 00 00 62 00 00 03 00 00 06 00 00 FF A0 B5 EB 4B 2C 80 47 D2
5B 11 C5 8E 11 D6 6E CB])
DEBUG server comment - null doHandshake()
DEBUG server comment - null handshakeStatus=NEED_UNWRAP
DEBUG server comment - null unwrapHandshake()
DEBUG server comment - null inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=57 cap=16665]
DEBUG server comment - null appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
DEBUG server comment - null Unwrap res:Status = OK HandshakeStatus = NEED_TASK
bytesConsumed = 57 bytesProduced = 0
DEBUG server comment - null handshakeStatus=NEED_TASK
DEBUG server comment - null doTasks()
DEBUG server comment - null doTask: sun.security.ssl.Handshaker$DelegatedTask@6ec5122f
DEBUG server comment - null doTasks(): NEED_WRAP
DEBUG server comment - null handshakeStatus=NEED_WRAP
DEBUG server comment - null Wrap res:Status = OK HandshakeStatus = NEED_UNWRAP
bytesConsumed = 0 bytesProduced = 725
DEBUG server comment - null write outNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=725 cap=16665]
DEBUG server comment - null Filtered Write: org.apache.mina.filter.support.SSLHandler@7979a49f
DEBUG server comment - null handshakeStatus=NEED_UNWRAP
DEBUG server comment - null unwrapHandshake()
DEBUG server comment - null inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=0 cap=16665]
DEBUG server comment - null appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
DEBUG server comment - null Unwrap res:Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP
bytesConsumed = 0 bytesProduced = 0
DEBUG server comment - null Data Read: org.apache.mina.filter.support.SSLHandler@7979a49f (HeapBuffer[pos=0 lim=7 cap=24000: 15 03 01 00 02 02 2A])
DEBUG server comment - null doHandshake()
DEBUG server comment - null handshakeStatus=NEED_UNWRAP
DEBUG server comment - null unwrapHandshake()
DEBUG server comment - null inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=7 cap=16665]
DEBUG server comment - null appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
INFO server comment - ServerHandler.exceptionCaught[[any]:443:0:0:0:0:0:0:0:1]: javax.net.ssl.SSLHandshakeException: SSL handshake failed.
DEBUG server comment - null Closed: org.apache.mina.filter.support.SSLHandler@7979a49f
- - - - -
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1430)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1398)
at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1337)
at org.apache.mina.filter.support.SSLHandler.destroy(Unknown Source)
at org.apache.mina.filter.SSLFilter.sessionClosed(Unknown Source)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(Unknown Source)
at org.apache.mina.common.support.AbstractIoFilterChain.access$600(Unknown Source)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.sessionClosed(Unknown Source)
at org.apache.mina.common.support.AbstractIoFilterChain$1.sessionClosed(Unknown Source)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextSessionClosed(Unknown Source)
at org.apache.mina.common.support.AbstractIoFilterChain.fireSessionClosed(Unknown Source)
at org.apache.mina.common.support.IoServiceListenerSupport.fireSessionDestroyed(Unknown Source)
at org.apache.mina.transport.socket.nio.SocketIoProcessor.doRemove(Unknown Source)
at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$800(Unknown Source)
at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(Unknown Source)
at org.apache.mina.util.NamePreservingRunnable.run(Unknown Source)
at java.lang.Thread.run(Thread.java:636)
Is there something I’m doing wrong here? I’m on Linux.
Could you maybe write up a step-by-step tutorial on how to get a self-signed certificate generated and hooked up with Wowza? I’m just not sure how to get it self-signed. If I had step-by-step instructions, it would be much easier to see if there was a problem, but since I’m shooting in the dark with self-signing, I don’t know what I’m doing wrong.
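Added example, not part of the original thread and not Wowza or MINA code: the "Data Read" entries in the log above hold the raw bytes the server received from the client, and decoding their record headers shows that the 7-byte message just before the SSLHandshakeException is a fatal bad_certificate alert, meaning the client did not accept the certificate the server sent. The function names and the alert subset are choices made for this sketch.

```python
import re

# Sample input: the two "Data Read" entries from the server log in this thread
# (bytes the server received from the client); the first wraps across two lines.
SAMPLE_LOG = """\
DEBUG server comment - null Data Read: org.apache.mina.filter.support.SSLHandler@7979a49f (HeapBuffer[pos=0 lim=57 cap=24000: 80 37 01 03 01 00 1E 00 00 00 10 00 00 04 00 FE FF 00 00 0A 00 FE FE 00 00 09 00 00 64 00 00 62 00 00 03 00 00 06 00 00 FF A0 B5 EB 4B 2C 80 47 D2
5B 11 C5 8E 11 D6 6E CB])
DEBUG server comment - null Data Read: org.apache.mina.filter.support.SSLHandler@7979a49f (HeapBuffer[pos=0 lim=7 cap=24000: 15 03 01 00 02 02 2A])
"""

# TLS record content types and a subset of alert codes from the TLS specification.
RECORD_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                0x16: "handshake", 0x17: "application_data"}
LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown",
          48: "unknown_ca", 70: "protocol_version"}

# Hex payload of a "Data Read" entry; \s lets the match span a wrapped line.
DATA_READ = re.compile(
    r"Data Read:[^\[]*\[pos=\d+ lim=\d+ cap=\d+: ([0-9A-Fa-f\s]+?)\]")


def decode_record(data):
    """Describe the first SSL/TLS record in bytes read from the client."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-format ClientHello: 2-byte length, type 1, then offered version.
        return {"type": "sslv2_client_hello", "version": (data[3], data[4])}
    if len(data) < 5 or data[0] not in RECORD_TYPES:
        return {"type": "unknown"}
    info = {"type": RECORD_TYPES[data[0]], "version": (data[1], data[2]),
            "length": int.from_bytes(data[3:5], "big")}
    # Only an unencrypted alert is exactly two bytes: level, then description.
    if info["type"] == "alert" and info["length"] == 2 and len(data) >= 7:
        info["level"] = LEVELS.get(data[5], "unknown")
        info["description"] = ALERTS.get(data[6], "alert_%d" % data[6])
    return info


def client_records(log_text):
    """Decode every client-to-server record found in a MINA debug log."""
    return [decode_record(bytes.fromhex("".join(m.group(1).split())))
            for m in DATA_READ.finditer(log_text)]


if __name__ == "__main__":
    for record in client_records(SAMPLE_LOG):
        print(record)
```

Version (3, 1) is TLS 1.0. An alert sent after encryption has started has a longer record body and is reported without level or description.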