
Thread: wildcard SSL certificate usage

  1. #1

    wildcard SSL certificate usage

    I have a wildcard SSL certificate that I'd like to add to my Wowza install. I followed the guide here: http://www.wowza.com/forums/content.php?128, but only the parts about importing certificates and configuring VHOST.xml. I ran the following commands:

    keytool -import -alias root -trustcacerts -file intermediate.crt -keystore ssl.mydomain.com.cert
    keytool -import -alias wowza -trustcacerts -file mydomain.crt -keystore ssl.mydomain.com.cert

    The first to add the CA's certificate, and the second to add the certificate specific to my domain name.

    In VHost.xml, I removed the comment tags from the SSL vhost. It was pretty much all ready to go, I just changed the KeyStorePath to reflect the same name I used above, and added my password to KeyStorePassword. I also changed the port from 443 to 4433.

    Wowza starts up fine, but when I try to access the server in the browser to simply return the version number I get nothing. I enabled DEBUG logging and am seeing "SSL handshake failed" messages. So something went wrong, I'm guessing in the import part. Can anyone give me any clues here?

    Thanks!

  2. #2

    What browser are you using? There is some problem with Chrome.

    Richard

  3. #3


    Richard,

    I don't think this is a browser problem. I've tried in IE8, FF and used an SSL checker utility found here: https://knowledge.rapidssl.com/suppo...tent&id=SO9556

    All do not work.

    In doing a little more research, I have come across this: http://www.agentbob.info/agentbob/79-AB.html. This writeup talks about importing an existing certificate that has already been created into a Java keystore. This is the case I'm in. I have a wildcard certificate that was generated from an openssl CSR. If I follow these directions and then use keytool to import the root certificate I no longer get the "SSL handshake failed" message, but for some reason it still doesn't work. Here is what I get in the log:

    INFO server comment - Wowza Media Server is started!
    DEBUG server comment - open
    INFO server comment - handshake0: 103
    INFO server comment - handshake0: 110
    DEBUG server comment - sessionClosed: send close
    DEBUG server comment - sessionClosed: closeConnection: vhost:_defaultVHost_ clientId:1811777746
    INFO session disconnect 1811777746 -
    DEBUG server comment - ServerHandler.handleSessionIdle: isDidClose

    Any other ideas?

  4. #4


    Richard,

    I got it to work. I talked to RapidSSL about the issue and they directed me here: https://knowledge.rapidssl.com/suppo...=1341956626144

    On top of the openssl command, I did have to append the Equifax Secure Certificate Authority Root CA certificate to the bottom of the RapidSSL intermediate CA file. I also had to change the SSLConfig/KeyStoreType to PKCS12.
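
The fix from post #4, as an added example that is not part of the original thread: `keytool -import` of a `.crt` file stores certificates only, so the server still needs a keystore that also holds the private key behind the wildcard certificate. Assumptions: the openssl step is taken to be `openssl pkcs12 -export` (the linked article is not reproduced here), and every file name, subject, alias and password is a constructed placeholder, with a throwaway chain generated in place of the real CA files.

```shell
#!/bin/sh
# Added example; every name, subject and password here is a constructed placeholder.
set -eu
# Throwaway root -> intermediate -> wildcard chain standing in for the real files.
make_demo_pki() {
  d=$1
  printf 'basicConstraints=CA:TRUE\n' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo Root CA' \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=Demo Intermediate CA' \
    -keyout "$d/intermediate.key" -out "$d/intermediate.csr" 2>/dev/null
  openssl x509 -req -in "$d/intermediate.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 1 -out "$d/intermediate.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=*.example.test' \
    -keyout "$d/wildcard.key" -out "$d/wildcard.csr" 2>/dev/null
  openssl x509 -req -in "$d/wildcard.csr" -CA "$d/intermediate.crt" \
    -CAkey "$d/intermediate.key" -CAcreateserial -days 1 -out "$d/wildcard.crt" 2>/dev/null
  # Intermediate first, root appended at the bottom, as post #4 describes.
  cat "$d/intermediate.crt" "$d/root.crt" > "$d/chain.crt"
}

# Private key + wildcard certificate + chain in one PKCS12 file.
build_keystore() {
  openssl pkcs12 -export -in "$1/wildcard.crt" -inkey "$1/wildcard.key" \
    -certfile "$1/chain.crt" -name wowza -passout "pass:$2" -out "$1/keystore.p12"
}

# Certificates only, no private key: the shape a certificate-only import produces.
build_certs_only() {
  openssl pkcs12 -export -nokeys -in "$1/wildcard.crt" -certfile "$1/chain.crt" \
    -passout "pass:$2" -out "$1/certs-only.p12"
}

# Count private keys / certificates inside a PKCS12 file (0 if it cannot be read).
p12_keys() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    grep -c 'BEGIN.*PRIVATE KEY' || true
}
p12_certs() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE' || true
}

demo=$(mktemp -d)
make_demo_pki "$demo"
build_keystore "$demo" changeit
build_certs_only "$demo" changeit
echo "keystore.p12:   keys=$(p12_keys "$demo/keystore.p12" changeit) certs=$(p12_certs "$demo/keystore.p12" changeit)"
echo "certs-only.p12: keys=$(p12_keys "$demo/certs-only.p12" changeit) certs=$(p12_certs "$demo/certs-only.p12" changeit)"
rm -rf "$demo"
```

A keystore that reports `keys=0` cannot complete a TLS handshake as a server, however many certificates it holds. With the real files, KeyStorePath points at the resulting `.p12` and SSLConfig/KeyStoreType is set to PKCS12, as in post #4.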

  5. #5

    Great! Thanks for the update. This should help others.

    Richard

  6. #6

    How do you enable the debug logging?

  7. #7

    Open the /conf/log4j.properties file in a text editor, then in the top line, change "INFO" to "DEBUG". This will increase logging about 10-fold and probably create too much noise to see what is important. In some cases it is useful, but more often it is not.

    Richard

  8. #8


    That's going to be really good. Till I would like to develop some addons...

