Over the past few days I have tried to enable SSL over port 443 on my Wowza 3 (3.0.5 build1220) Server. I used this tutorial to get started:
and ran into the issue of the private key not matching the cert because I need to use the key that I already have.
So then I followed another how-to that used my current key and turned it into a Java keystore, and then used that keystore with keytool to import my root CA and my wildcard cert. I know this is possible because I use the same method for my email server's Jetty keystore. Everything seemed to work correctly until I restarted Wowza with debug logging turned on and tried to hit the HTTPProvider running on port 443, or any application stream on port 443.
In the logs I see the SSL handshake start and then fail:
DEBUG server comment - null doHandshake()
DEBUG server comment - null handshakeStatus=NEED_UNWRAP
DEBUG server comment - null unwrapHandshake()
DEBUG server comment - null inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=322 cap=16665]
DEBUG server comment - null appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
INFO server comment - ServerHandler.exceptionCaught[[any]:443:ip_address]: javax.net.ssl.SSLHandshakeException: SSL handshake failed.
DEBUG server comment - null Closed: org.apache.mina.filter.support.SSLHandler@6c0ec436 - - - - -
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
What am I missing? Or rather, where did I go wrong?
My keystore currently resembles this:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

root, Jun 14, 2012, trustedCertEntry,
Certificate fingerprint (MD5): B6:4C:...
wowza, Jun 14, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): B9:A0:....
Thanks in advance!
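The post depends on two things: that the existing private key matches the wildcard certificate, and that the certificate chains to the CA imported alongside it. Both can be checked with openssl before a keystore is built. This is an added example, not part of the original post; it assumes PEM-encoded inputs, and the file names passed to the functions are placeholders.

```shell
#!/bin/sh
# Pre-import checks for a PEM private key, its certificate and a CA bundle.
# Added example; nothing here is Wowza-specific and all file names are
# supplied by the caller (placeholders, not paths from the post).

# Emit the public key (PEM, SubjectPublicKeyInfo) held in a private key file.
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Emit the public key (PEM, SubjectPublicKeyInfo) embedded in a certificate.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# key_matches_cert key.pem cert.pem
# 0 = same public key, 1 = different, 2 = a file could not be parsed.
key_matches_cert() {
    k=$(pubkey_of_key "$1") || return 2
    c=$(pubkey_of_cert "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_chains_to ca_bundle.pem cert.pem
# Succeeds only if the certificate verifies against the bundle alone, so a
# missing intermediate CA shows up here as a failure.
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_not_expired cert.pem : succeeds if notAfter is still in the future.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# preflight key.pem cert.pem ca_bundle.pem
# Runs every check, prints one line per check, returns non-zero if any failed.
preflight() {
    rc=0
    if key_matches_cert "$1" "$2"; then echo "OK   key matches certificate"
    else echo "FAIL key does not match certificate"; rc=1; fi
    if cert_chains_to "$3" "$2"; then echo "OK   certificate chains to CA bundle"
    else echo "FAIL certificate does not chain to CA bundle"; rc=1; fi
    if cert_not_expired "$2"; then echo "OK   certificate is within validity"
    else echo "FAIL certificate has expired"; rc=1; fi
    return $rc
}
```

Run it as `preflight key.pem cert.pem ca_bundle.pem`; the same certificate and bundle are what would then be imported into the keystore.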