Wowza Community

Wowza 3 and SSL with a wildcard cert

Over the past few days I have tried to enable SSL over port 443 on my Wowza 3 (3.0.5 build1220) Server. I used this tutorial to get started:

https://www.wowza.com/docs/how-to-request-an-ssl-certificate-from-a-certificate-authority

and ran into the issue of the private key not matching the cert because I need to use the key that I already have.

So then I followed another how-to that used my current key and turned it into a Java keystore, and then used that keystore with keytool to import my root CA and my wildcard cert. I know this is possible because I use the same method for my email server's Jetty keystore. Everything seemed to work correctly until I restarted Wowza with debug logging turned on and tried to hit the HTTPProvider run on port 443, or any application stream on port 443.

In the logs I see the SSL handshake start and then fail:

DEBUG server comment - null doHandshake()
DEBUG server comment - null  handshakeStatus=NEED_UNWRAP
DEBUG server comment - null unwrapHandshake()
DEBUG server comment - null   inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=322 cap=16665]
DEBUG server comment - null   appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
INFO server comment - ServerHandler.exceptionCaught[[any]:443:ip_address]: javax.net.ssl.SSLHandshakeException: SSL handshake failed.
DEBUG server comment - null Closed: org.apache.mina.filter.support.SSLHandler@6c0ec436
- - - - -
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

What am I missing? Or rather, where did I go wrong?

My keystore currently resembles this:

Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
root, Jun 14, 2012, trustedCertEntry,
Certificate fingerprint (MD5): B6:4C:...
wowza, Jun 14, 2012, PrivateKeyEntry, 
Certificate fingerprint (MD5): B9:A0:....

Thanks in advance!

I don’t think this is a real error. It is just the message you get when an SSL HTTP session is stopped. So as long as HTTPS is working then this error is not a problem. It is normal.

Charlie
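
The key/certificate mismatch mentioned in the question can be ruled out before a keystore is built from an existing key. The script below is an added example, not part of the thread or the Wowza documentation; the file names, the `wowza` alias in the comments and the `P12_PASS` variable are assumptions, and the keytool conversion shown in the comments is one common route, not necessarily the how-to the poster followed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes an unencrypted PEM private key
# and PEM certificates; all file names and the alias are placeholders.

# Print the SHA-256 of the DER public key taken from a key or a certificate.
pub_digest() {  # $1 = "key" | "cert", $2 = PEM file
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 if the key belongs to the certificate, 1 if not, 2 if unreadable.
key_matches_cert() {  # $1 = private key, $2 = certificate
    k=$(pub_digest key "$1")  || { echo "cannot read key: $1" >&2; return 2; }
    c=$(pub_digest cert "$2") || { echo "cannot read certificate: $2" >&2; return 2; }
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Bundle key, certificate and CA chain into PKCS#12, refusing a pair that
# fails the check. The export password is read from the P12_PASS environment
# variable so it does not appear in the process list.
build_p12() {  # $1 = key, $2 = cert, $3 = CA chain PEM, $4 = output file, $5 = alias
    key_matches_cert "$1" "$2" || { echo "key/certificate check failed" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name "$5" -out "$4" -passout env:P12_PASS
}

# The PKCS#12 file can then be converted to a JKS keystore with keytool:
#   keytool -importkeystore -srckeystore wowza.p12 -srcstoretype PKCS12 \
#           -destkeystore wowza.jks -deststoretype JKS
# and inspected with: keytool -list -v -keystore wowza.jks
```

Comparing public-key digests works for RSA and EC keys alike, which the older modulus comparison does not.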