I have a wildcard SSL certification for my domain (which was created with openssl and signed by a known CA) and I was trying to use it with Wowza. I’m not sure what should go in keystorepath, is it just the cert? The cert and the PEM key that I have for this cert? When I just put in the cert and try to connect via HTTPS (for cupertino streaming) I get:

Connecting to 127.0.0.1:443… connected.

OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Unable to establish SSL connection.

Any help would be appreciated.

–dan

Dan,

Take a look at this guide:

https://www.wowza.com/docs/how-to-request-an-ssl-certificate-from-a-certificate-authority

Richard

I really don’t know. I might try accessing using different tools. I have not had good luck with self-signed certs.

Charlie

I actually also followed that guide and created a self signed cert, still getting the problem (trying to retrieve using wget)

keytool -printcert -v -file /Users/dan/off/fandor/certificates/f/out.cert

Owner: CN=Dan Aronson, OU=Unknown, O=Fandor, L=San Francisco, ST=CA, C=US

Issuer: CN=Dan Aronson, OU=Unknown, O=Fandor, L=San Francisco, ST=CA, C=US

Serial number: 4e592264

Valid from: Sat Aug 27 09:59:16 PDT 2011 until: Fri Nov 25 08:59:16 PST 2011

Certificate fingerprints:

MD5: 12:C8:7D:E8:9A:05:A2:EA:36:9B:67:DA:52:E6:79:F4

SHA1: F1:2D:22:D5:ED:DE:92:BD:E8:73:79:9A:9A:1C:85:21:5B:2D:0E:F7

Signature algorithm name: SHA1withRSA

Version: 3

in Vhosts.xml

/Users/dan/off/fandor/certificates/f/out.cert

******

JKS

TLS

SunX509

Output from wget:

wget https://127.0.0.1/fandor/smil:000257_fallen_angels_-w-_-b-kbps.smil/playlist.m3u8

–12:13:08-- https://127.0.0.1/fandor/smil:000257_fallen_angels_-w-_-b-kbps.smil/playlist.m3u8

=> `playlist.m3u8’

Connecting to 127.0.0.1:443… connected.

OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Unable to establish SSL connection.

I’m sure that’s not the problem. I’m loathe to pay for another cert until I can see that this works, wget works fine with self signed certs for webservers. Here’s an example of using it against a self-signed cert…

wget https://repository.fandor.com

–16:53:04-- https://repository.fandor.com/

=> `index.html’

Resolving repository.fandor.com… 70.35.42.124

Connecting to repository.fandor.com|70.35.42.124|:443… connected.

ERROR: Certificate verification error for repository.fandor.com: self signed certificate

To connect to repository.fandor.com insecurely, use `–no-check-certificate’.

Unable to establish SSL connection.

got it, i was just editing the conf file and putting the 443 port in the wrong place.

–dan