Thread: I need wowza to verify client certificate during handshake. Is it possible ?

  1. #1

    Hi, I cannot find any info about enabling client certificate validation during the SSL handshake.
    Is it supported by Wowza? If it is not directly supported, could you please confirm that you use standard Java SSL support, so
    I can create a ServerListener and change this behaviour globally.

  2. #2
    Join Date
    Dec 2007
    Posts
    21,962

    Take a look at this guide:

    http://www.wowza.com/forums/content....cate-authority

    Richard

  3. #3

    Richard,
    thanks for the quick response, but the link you provided shows how to get a certificate from a CA and set up the server certificate.
    What I asked is how to set up Wowza to validate the client's certificate during the SSL handshake.

  4. #4

    I don't think there is anything built-in to Wowza for this. Perhaps there is something in Java that you can use in a Wowza module. A number of articles and posts come up on a search for "java validate ssl certificate".

    Richard

  5. #5

    It's not supported in Wowza at present. Can you provide more detail? It might be something that will be considered for a future release.

    Richard

  6. #6

    Not a problem.
    I did a little investigation and see that I will be able to work around this for now using the JSSE customization mechanism.
    It's a common setting for TLS to provide a keystore with valid client certificates.
    Please take a look at this post about mutual SSL authorization.
    http://blog.teamlazerbeez.com/2011/1...jks-keystores/
    In this case both client and server check each other's certificates.
    So I think if you want to support it, it's enough to add two parameters to Vhost.xml for the keystore, like for the server certificate:
    ValidClientsCertificatesStore and a password for it.
    So when you create the KeyManager for a given VHost's SSLContext, you need to check whether the client certificate settings exist, create a TrustManager with the clients' certificates, and then
    perform serverSocket.setNeedClientAuth(true) for the server socket.
    Please take a look at the article above.
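
The JSSE setup described in post #6, as an added example that is not part of the thread and is not Wowza code: a plain Java TLS server whose SSLContext takes its KeyManager from the server keystore and its TrustManager from a separate keystore of accepted client certificates, with setNeedClientAuth(true) so the handshake fails for a client that presents no trusted certificate. The class name, argument order and keystore files are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical stand-alone server; args: serverStore serverPass clientStore clientPass port
public class MutualTlsServer {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    static SSLContext buildContext(String serverStore, char[] serverPass,
                                   String clientStore, char[] clientPass) throws Exception {
        // KeyManager: the server's own private key and certificate chain.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(serverStore, serverPass), serverPass);
        // TrustManager: only certificates in the client store (or issued by them) are accepted.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(clientStore, clientPass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildContext(args[0], args[1].toCharArray(), args[2], args[3].toCharArray());
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory()
                .createServerSocket(Integer.parseInt(args[4]))) {
            server.setNeedClientAuth(true); // require, not merely request, a client certificate
            while (true) {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    s.startHandshake(); // throws if the client certificate is missing or untrusted
                    System.out.println("accepted client: " + s.getSession().getPeerPrincipal());
                } catch (IOException e) {
                    System.err.println("handshake rejected: " + e.getMessage());
                }
            }
        }
    }
}
```

Using a dedicated client truststore rather than the JVM default keeps every public CA out of the set of issuers that can vouch for a client.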

  7. #7

    rrlanham,
    please let me know about any concerns or questions on this. It's a really great idea to add this to the Wowza mainline. I saw at least several threads about this without a solution.
    So I even agree to contribute an example or participate in this. My clients will be very happy to configure this themselves without my ugly fixes.

  8. #8

    Will do. I already forwarded your earlier post.

    Thanks,
    Richard
