Thread: Wowza 3 and SSL with a wildcard cert

  1. #1

    Over the past few days I have tried to enable SSL over port 443 on my Wowza 3 (3.0.5 build1220) Server. I used this tutorial to get started:

    http://www.wowza.com/forums/content.php?128

    and ran into the issue of the private key not matching the cert because I need to use the key that I already have.

    So then I followed another how-to that used my current key and turned it into a Java keystore, and then used that keystore with keytool to import my root CA and my wildcard cert. I know this is possible because I use the same method for my email server's Jetty keystore. Everything seemed to work correctly until I restarted Wowza with debug logging turned on and tried to hit the HTTPProvider running on port 443, or any application stream on port 443.

    In the logs I see the SSL handshake start and then fail:
    DEBUG server comment - null doHandshake()
    DEBUG server comment - null  handshakeStatus=NEED_UNWRAP
    DEBUG server comment - null unwrapHandshake()
    DEBUG server comment - null   inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=322 cap=16665]
    DEBUG server comment - null   appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
    INFO server comment - ServerHandler.exceptionCaught[[any]:443:ip_address]: javax.net.ssl.SSLHandshakeException: SSL handshake failed.
    DEBUG server comment - null Closed: org.apache.mina.filter.support.SSLHandler@6c0ec436
    - - - - -
    javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

    What am I missing? Or rather, where did I go wrong?

    My keystore currently resembles this:
    Keystore type: JKS
    Keystore provider: SUN
    
    Your keystore contains 2 entries
    
    root, Jun 14, 2012, trustedCertEntry,
    Certificate fingerprint (MD5): B6:4C:...
    wowza, Jun 14, 2012, PrivateKeyEntry, 
    Certificate fingerprint (MD5): B9:A0:....

    Thanks in advance!

  2. #2

    I don't think this is a real error. It is just the message you get when an SSL HTTP session is stopped. So as long as HTTPS is working then this error is not a problem. It is normal.

    Charlie
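
Added example (not part of either post, and not Wowza's own procedure): one way to check the two things post #1 describes, that the existing private key really belongs to the wildcard cert and that the CA cert ends up bundled with it before the keystore is converted for Java. All file names, the alias and the password are placeholders, and `make_constructed_pki` only generates throwaway test material.

```shell
#!/bin/sh
# Added example. File names, alias and password are placeholders, not values from the thread.

# Return 0 when KEY and CERT carry the same public key, 1 when they differ, 2 on read errors.
key_matches_cert() {  # usage: key_matches_cert KEY.pem CERT.pem
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Bundle key, wildcard cert and CA chain into one PKCS#12 entry; refuse on a key/cert mismatch.
build_p12() {  # usage: build_p12 KEY CERT CHAIN OUT.p12 ALIAS PASSWORD
    key_matches_cert "$1" "$2" || { echo "key/certificate check failed" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name "$5" -passout "pass:$6" -out "$4"
}

# Number of certificates stored in the PKCS#12 (leaf plus chain).
p12_cert_count() {  # usage: p12_cert_count FILE.p12 PASSWORD
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Convert to JKS for the server. Passwords given on the command line are visible in
# the process list; drop the -*storepass options to be prompted instead.
p12_to_jks() {  # usage: p12_to_jks IN.p12 OUT.jks PASSWORD
    keytool -importkeystore -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$3" \
        -destkeystore "$2" -deststoretype JKS -deststorepass "$3"
}

# Constructed throwaway material for trying the functions: a root CA, a wildcard
# leaf signed by it, and an unrelated key that must NOT match the leaf.
make_constructed_pki() {  # usage: make_constructed_pki DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}
```

After conversion, `keytool -list -v -keystore OUT.jks` reports the certificate chain length of the PrivateKeyEntry, which is a quick way to confirm the CA certificate travelled with the key.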
