Understanding SSL/TLS

This article provides an overview of how to use the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols with Wowza Streaming Engine™ media server software.

SSL and TLS are security protocols for establishing secure network connections between two systems, for example, Wowza Streaming Engine and a video player.

The secure connection is established via what is commonly called the SSL/TLS handshake. During the handshake, the server and client exchange information so that the client can confirm the authenticity of the server’s SSL/TLS certificate. If the certificate passes this check, the two sides agree on how the content sent over the connection will be encrypted.

Note: The terms SSL and TLS are often used interchangeably. SSL was developed by Netscape in 1995. Due to security concerns, it received a much-needed makeover by the Internet Engineering Task Force (IETF) in 1999. The IETF standardized the protocol and changed the name from SSL to TLS.

Installing SSL/TLS certificates

An SSL/TLS certificate is a file that’s stored on the origin server of the site you're visiting. When you navigate to an HTTPS website, the SSL/TLS certificate verifies that your browser is communicating with the server that owns the website domain. Each certificate contains information such as:

  • The domain name for which the certificate was issued
  • The person, organization, or device to whom it was issued
  • The Certificate Authority that issued it
  • The Certificate Authority’s digital signature
  • Any associated subdomains
  • The issue date of the certificate
  • The expiration date of the certificate
  • The public key
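
The fields listed above are what an operator's monitoring check reads. As an added example (not Wowza code), this Python code audits a certificate in the dict form returned by the standard library's ssl.SSLSocket.getpeercert(); the sample certificate, its hostnames, issuer and dates are constructed, and the function names and the warn_days threshold are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# hostnames, issuer and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "stream.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA R1"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "stream.example.com"), ("DNS", "*.cdn.example.com")),
}

def days_until_expiry(cert, now):
    """Whole days from `now` (aware datetime) until notAfter; negative if expired."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)

def covers_hostname(cert, hostname):
    """True if a DNS subjectAltName matches; '*' stands for exactly one leftmost label."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        if pattern.startswith("*."):
            head, _, rest = host.partition(".")
            if head and rest == pattern[2:]:
                return True
    return False

def audit(cert, hostname, now, warn_days=30):
    """List the problems to fix before players start rejecting the connection."""
    problems = []
    if now.timestamp() < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    remaining = days_until_expiry(cert, now)
    if remaining < 0:
        problems.append("expired")
    elif remaining < warn_days:
        problems.append(f"expires in {remaining} days")
    if not covers_hostname(cert, hostname):
        problems.append(f"no subjectAltName covers {hostname}")
    return problems
```

An empty list from audit() means the certificate is inside its validity window, outside the warning period, and issued for the hostname that players connect to.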

SSL/TLS certificates should be installed on the Wowza Streaming Engine server. To install a certificate, do one of the following:

  • Request a Wowza StreamLock certificate – Wowza StreamLock™ service is a security option for network encryption that provides near-instant provisioning of free 2048-bit SSL/TLS certificates for use with Wowza Streaming Engine. For more information, see Get SSL/TLS certificates from the Wowza Streaming Engine StreamLock service.
    Note: Wowza StreamLock certificates are available for Wowza Streaming Engine licenses with active maintenance and support, including trial licenses.
  • Request a certificate from a third-party certificate authority – SSL/TLS certificates can also be obtained from a third-party certificate authority. To request a certificate, use the keytool utility that comes with the Java JRE that installs with Wowza Streaming Engine to create a keystore and certificate signing request. After you receive the certificate, import it into the keystore. For more information, see Request an SSL certificate for Wowza Streaming Engine from a certificate authority.
  • Import an existing SSL/TLS certificate – If you already have an SSL/TLS certificate, you can use the keytool utility to import it into the keystore. For more information, see Import an existing SSL certificate and private key for Wowza Streaming Engine.
  • Generate a self-signed certificate – Another option is to generate a self-signed SSL/TLS certificate using your own method and keys for encryption. For more information, see Create a self-signed SSL certificate for Wowza Streaming Engine.
    Note: Self-signed certificates are considered untrustworthy by most browsers. We recommend using a signed certificate from Wowza or another trusted certificate authority.

SSL/TLS and Wowza Streaming Engine

Wowza Streaming Engine supports SSL and some versions of TLS for secure publish and playback of streams over HTTPS (HTTP over SSL/TLS), RTMPS (RTMP over SSL/TLS), encrypted RTMP (RTMPE), RTSPS (RTSP over SSL/TLS), WOWZS (WOWZ over SSL/TLS), and WSS (WebSocket Secure).

Note: SSL/TLS only protects streams during transit. For additional security, we recommend using SecureToken for playback protection. For more information, see Protect streaming using SecureToken in Wowza Streaming Engine.

SSL/TLS can also be configured for use with Wowza Streaming Engine as follows:
