Wowza Community

wildcard SSL certificate usage

I have a wildcard SSL certificate that I’d like to add to my Wowza install. I followed the guide here: https://www.wowza.com/docs/how-to-request-an-ssl-certificate-from-a-certificate-authority, but only the parts about importing certificates and configuring VHOST.xml. I ran the following commands:

keytool -import -alias root -trustcacerts -file intermediate.crt -keystore ssl.mydomain.com.cert
keytool -import -alias wowza -trustcacerts -file mydomain.crt -keystore ssl.mydomain.com.cert

The first to add the CA’s certificate, and the second to add the certificate specific to my domain name.

In VHost.xml, I removed the comment tags from the SSL vhost. It was pretty much all ready to go, I just changed the KeyStorePath to reflect the same name I used above, and added my password to KeyStorePassword. I also changed the port from 443 to 4433.

Wowza starts up fine, but when I try to access the server in the browser to simply return the version number I get nothing. I enabled DEBUG logging and am seeing “SSL handshake failed” messages. So something went wrong, I’m guessing in the import part. Can anyone give me any clues here?

Thanks!

What browser are you using? There is some problem with Chrome.

Richard

Great! Thanks for the update. This should help others.

Richard

Open the /conf/log4j.properties file in a text editor, then in the top line, change “INFO” to “DEBUG”. This will increase logging about tenfold and probably create too much noise to see what is important. In some cases it is useful, but more often it is not.

Richard

Richard,

I don’t think this is a browser problem. I’ve tried in IE8, FF and used an SSL checker utility found here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO9556

All do not work.

In doing a little more research, I have come across this: http://www.agentbob.info/agentbob/79-AB.html This writeup talks about importing an existing certificate that has already been created into a Java keystore. This is the case I’m in. I have a wildcard certificate that was generated from an openssl CSR. If I follow these directions and then use keytool to import the root certificate I no longer get the “SSL handshake failed” message, but for some reason it still doesn’t work. Here is what I get in the log:

INFO server comment - Wowza Media Server is started!
DEBUG server comment - open
INFO server comment - handshake0: 103
INFO server comment - handshake0: 110
DEBUG server comment - sessionClosed: send close
DEBUG server comment - sessionClosed: closeConnection: vhost:_defaultVHost_ clientId:1811777746
INFO session disconnect 1811777746 -
DEBUG server comment - ServerHandler.handleSessionIdle: isDidClose

Any other ideas?

Richard,

I got it to work. I talked to RapidSSL about the issue and they directed me here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO17070&actp=search&viewlocale=en_US&searchid=1341956626144

On top of the openssl command, I did have to append the Equifax Secure Certificate Authority Root CA certificate to the bottom of the RapidSSL intermediate CA file. I also had to change the SSLConfig/KeyStoreType to PKCS12.
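The conversion described in the post above, as an added example that is not part of the original thread or of the linked RapidSSL article: it bundles an openssl-generated private key, the wildcard certificate and a chain file (intermediate first, root appended at the bottom) into a PKCS12 keystore, then checks that the keystore really holds the private key and the full chain. The exact openssl command the poster ran is not shown in the thread, so `openssl pkcs12 -export` is an assumption, as are the file names, the `wowza` alias, the password `changeit` and the constructed throwaway CA that stands in for the real RapidSSL and Equifax files.

```shell
#!/bin/sh
# Added example. All keys and certificates are constructed throwaway test data,
# standing in for the real key, wildcard cert, intermediate and root files.
set -e

sign() {  # $1=dir $2=name $3=subject CN $4=issuer name $5=extension file
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
    -subj "/CN=$3" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
    -CAcreateserial -extfile "$1/$5" -days 2 -out "$1/$2.crt" 2>/dev/null
}

make_test_pki() {  # $1 = work dir; builds root -> intermediate -> wildcard
  printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
  printf 'subjectAltName=DNS:*.example.test\n' > "$1/leaf.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -keyout "$1/root.key" \
    -subj '/CN=Constructed Root CA' -out "$1/root.crt" 2>/dev/null
  sign "$1" intermediate 'Constructed Intermediate CA' root ca.ext
  sign "$1" wildcard '*.example.test' intermediate leaf.ext
}

build_keystore() {  # $1 = dir, $2 = keystore password
  # The private key must belong to the certificate being served.
  c=$(openssl x509 -in "$1/wildcard.crt" -noout -pubkey | openssl sha256)
  k=$(openssl pkey -in "$1/wildcard.key" -pubout | openssl sha256)
  [ "$c" = "$k" ] || { echo 'key does not match certificate' >&2; return 1; }
  # Chain file: intermediate first, root appended at the bottom, as in the post.
  cat "$1/intermediate.crt" "$1/root.crt" > "$1/chain.pem"
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/intermediate.crt" \
    "$1/wildcard.crt" >/dev/null
  openssl pkcs12 -export -inkey "$1/wildcard.key" -in "$1/wildcard.crt" \
    -certfile "$1/chain.pem" -name wowza -passout "pass:$2" -out "$1/keystore.p12"
}

count_certs() {  # $1 = keystore, $2 = password; prints number of certificates
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

has_private_key() {  # succeeds only if the keystore contains a private key
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null | grep -q 'PRIVATE KEY'
}

work=$(mktemp -d)
make_test_pki "$work"
build_keystore "$work" changeit
echo "keystore.p12 holds $(count_certs "$work/keystore.p12" changeit) certificates"
```

The resulting file is what KeyStorePath would point at in VHost.xml, with KeyStorePassword set to the export password and SSLConfig/KeyStoreType set to PKCS12.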

How do you enable the debug logging?

That’s going to be really good. Till I would like to develop some addons…

