This article describes how to configure Wowza Streaming Engine Manager to use Secure Sockets Layer (SSL) certificates so you can connect to it using HTTPS. If Wowza Streaming Engine Manager is configured to use HTTPS, then connections over the HTTP protocol will no longer work.
Note: You can use SSL certificates provided by Wowza StreamLock™ or from an SSL certificate authority. For more information about Wowza StreamLock, see Get SSL certificates from the Wowza Streaming Engine StreamLock service.
Configure HTTPS connections
To enable HTTPS connections to Wowza Streaming Engine Manager (version 4.7.3 and later), enable the following SSL parameters:
- httpsKeyAlias - only needed if you have multiple SSL certificates
- To enable SSL, use a text editor to modify the [install-dir]/manager/conf/tomcat.properties file. By default the SSL parameters are commented out:
#httpsPort=8090 #httpsKeyStore=[install-dir]/conf/[ssl-certificate-domain-name].jks #httpsKeyStorePassword=[password]
Note: If you have multiple SSL certificates, you'll need a unique alias for each Java KeyStore (JKS) file. You can supply each file using tomcat.properties and apply the httpsKeyAlias for your unique alias.
- Change the port, [install-dir], [ssl-certificate-domain-name], and keystore [password] to the appropriate values, and then remove the # from the beginning of each line to enable the parameter.
The httpsPort number must be different from the httpPort number (8080). For example, set the httpsPort number to 8090. Make sure that there's no other service running on the same computer that's using the newly assigned httpsPort port number.
The [install-dir] is the location of Wowza Streaming Engine.
The [ssl-certificate-domain-name] is the unique StreamLock domain name for your Wowza Streaming Engine instance, for example 5ab4321c0d123.streamlock.net.
The httpsKeyStorePassword can be the same password used to sign in to Wowza Streaming Engine Manager.
- Save your changes to the tomcat.properties file.
- Restart Wowza Streaming Engine Manager.
Note: When HTTPS connections to Wowza Streaming Engine Manager are enabled with the previous SSL properties, the HSTS header is applied to all responses. The header appears with a max-age of one year and the includeSubDomains directive is set to true. In this case, the redirection to HTTPS works automatically.
Connect to Wowza Streaming Engine Manager using HTTPS
In a web browser, connect to Wowza Streaming Engine Manager using HTTPS, the new port number, and the unique StreamLock domain name for your Wowza Streaming Engine instance that you defined in the tomcat.properties file: