
Thread: Accessing streams via HTTPS not working

  1. #1


    Hello,

    Using Wowza streaming engine on AWS and streaming via regular HTTP is working with a DASH player. Need to get it working via HTTPS.

    I followed the instructions in the "How to request an SSL certificate from a certificate authority" article, obtained and installed a cert and adjusted the VHost.xml file to uncomment the <!-- 440 with SSL --> section. Ensured that our DNS had sentryvidserv.us pointing at our AWS instance.

    Test player still works when using HTTP and the old port. Also works if I use http and the domain name:
    http://sentryvidserv.us:1935/mps/my-stream-name/manifest.f4m
    Also works if I use http and port 443 (which seems odd to me)
    http://sentryvidserv.us:443/mps/my-stream-name/manifest.f4m
    However, I cannot get any form of httpS to play a stream. I've tried 443 and 1935. MPEG-DASH and Adobe HDS. I feel like there must be a configuration step that was missed.

    Here are the commands I used:
    sudo keytool -genkey -keysize 2048 -alias wowza -keyalg RSA -keystore sentryvidserv.us.jks
    (gave it sentryvidserv.us as the first and last name)
    sudo keytool -certreq -file sentryvidserv.us.csr -alias wowza -keyalg RSA -keystore sentryvidserv.us.jks
    When I received the certs, I installed them:
    sudo keytool -import -alias root -trustcacerts -file DigiCertCA.crt -keystore sentryvidserv.us.jks
    sudo keytool -import -alias wowza -trustcacerts -file sentryvidserv_us.crt -keystore ssl.mycompany.com.jks
    Here is the result of keytool -list -keystore sentryvidserv.us.jks
    Enter keystore password:  
    
    Keystore type: JKS
    Keystore provider: SUN
    
    Your keystore contains 2 entries
    
    root, Oct 10, 2014, trustedCertEntry, 
    Certificate fingerprint (SHA1): 1F:B8:6B:11:68:........:71:A4:B7:CC:B4
    wowza, Oct 10, 2014, PrivateKeyEntry, 
    Certificate fingerprint (SHA1): 43:AF:E0:BC:26:.......:A8:CB:CA:54:02:2B:AE:70

    Here is the <HostPort> section of VHost.xml:
    <HostPort>
    				<Name>Default SSL Streaming</Name>
    				<Type>Streaming</Type>
    				<ProcessorCount>${com.wowza.wms.TuningAuto}</ProcessorCount>
    				<IpAddress>*</IpAddress>
    				<Port>443</Port>
    				<HTTPIdent2Response></HTTPIdent2Response>
    				<SSLConfig>
    					<KeyStorePath>${com.wowza.wms.context.VHostConfigHome}/conf/sentryvidserv.us.jks</KeyStorePath>
    					<KeyStorePassword>S3ntryK3ySt0re</KeyStorePassword>
    					<KeyStoreType>JKS</KeyStoreType>
    					<SSLProtocol>TLS</SSLProtocol>
    					<Algorithm>SunX509</Algorithm>
    					<CipherSuites></CipherSuites>
    					<Protocols></Protocols>
    				</SSLConfig>
    				<SocketConfiguration>
    					<ReuseAddress>true</ReuseAddress>
    					<ReceiveBufferSize>65000</ReceiveBufferSize>
    					<ReadBufferSize>65000</ReadBufferSize>
    					<SendBufferSize>65000</SendBufferSize>
    					<KeepAlive>true</KeepAlive>
    					<AcceptorBackLog>100</AcceptorBackLog>
    				</SocketConfiguration>
    				<HTTPStreamerAdapterIDs>cupertinostreaming,smoothstreaming,sanjosestreaming,dvrchunkstreaming,mpegdashstreaming</HTTPStreamerAdapterIDs>
    				<HTTPProviders>
    					<HTTPProvider>
    						<BaseClass>com.wowza.wms.http.HTTPCrossdomain</BaseClass>
    						<RequestFilters>*crossdomain.xml</RequestFilters>
    						<AuthenticationMethod>none</AuthenticationMethod>
    					</HTTPProvider>
    					<HTTPProvider>
    						<BaseClass>com.wowza.wms.http.HTTPClientAccessPolicy</BaseClass>
    						<RequestFilters>*clientaccesspolicy.xml</RequestFilters>
    						<AuthenticationMethod>none</AuthenticationMethod>
    					</HTTPProvider>
    					<HTTPProvider>
    						<BaseClass>com.wowza.wms.http.HTTPProviderMediaList</BaseClass>
    						<RequestFilters>*jwplayer.rss|*jwplayer.smil|*medialist.smil|*manifest-rtmp.f4m</RequestFilters>
    						<AuthenticationMethod>none</AuthenticationMethod>
    					</HTTPProvider>
    					<HTTPProvider>
    						<BaseClass>com.wowza.wms.http.HTTPServerVersion</BaseClass>
    						<RequestFilters>*</RequestFilters>
    						<AuthenticationMethod>none</AuthenticationMethod>
    					</HTTPProvider>
    				</HTTPProviders>
    			</HostPort>
    What else needs to be done to enable streaming over HTTPS??

    Many thanks,
    Dave

  2. #2


    Hello there and welcome to the Wowza support forum.

    I am sorry I don't have much to offer here as I have not set this up myself. But looking closely at the guide and what you have shown, all I can see that is different is the "ssl" in the command lines.
    What you have:
    sudo keytool -genkey -keysize 2048 -alias wowza -keyalg RSA -keystore sentryvidserv.us.jks
    What the guide shows:
    keytool -certreq -file ssl.mycompany.com.csr -alias wowza -keyalg RSA -keystore ssl.mycompany.com.jks
    I notice you omitted the "ssl" part in most of the command lines, and included it on one.

    Also, in the VHost you have:
    <KeyStorePath>${com.wowza.wms.context.VHostConfigHome}/conf/sentryvidserv.us.jks</KeyStorePath>
    And the guide mentions:
    ${com.wowza.wms.context.VHostConfigHome}/conf/ssl.mycompany.com.jks
    Lastly, the guide provides a link to a troubleshooting guide:
    A bug in the Oracle Java Development Kit (JDK) affects connections that use Secure Sockets Layer (SSL) certificates. Occasionally the SSL handshake fails during Diffie-Hellman key exchange and the connection hangs. For more information, see How to fix intermittent HTTP/SSL failure (padding exception).

    Again, I apologize for not having more to offer. If you still need help and no one from support has replied you could open a support ticket by zipping the following directories and sending them to support@wowza.com
    [install-dir]/conf
    [install-dir]/logs
    [install-dir]/transcoder
    [install-dir]/manager/logs


    Kind regards,

    Salvadore
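
A way to check the keystore mismatch raised in the post above, added here as an example and not part of the original thread: it tells whether the `wowza` key entry in the keystore that VHost.xml points at carries a CA-issued certificate or still the self-signed one created by `-genkey`. The three listings are constructed samples in `keytool -list -v` format, and the CA names in them are placeholders.

```shell
# Added example. Reads `keytool -list -v` text on stdin and classifies ALIAS as
# missing | not-a-key | unknown | self-signed | ca-signed.
classify_alias() {
  awk -v want="$1" '
    /^Alias name: /      { cur = substr($0, 13); next }
    cur != want          { next }
    /^Entry type: /      { type = substr($0, 13) }
    /^Certificate\[1\]:/ { leaf = 1; next }
    leaf && /^Owner: /  && owner == ""  { owner = substr($0, 8) }
    leaf && /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
    END {
      if (type == "") print "missing"
      else if (type != "PrivateKeyEntry") print "not-a-key"
      else if (owner == "") print "unknown"          # listing was not made with -v
      else if (owner == issuer) print "self-signed"  # still the -genkey certificate
      else print "ca-signed"
    }'
}
# Constructed listing: keystore named in VHost.xml, CA reply never imported into it.
listing_vhost_keystore() { cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Alias name: wowza
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=sentryvidserv.us
Issuer: CN=sentryvidserv.us
EOF
}
# Constructed listing: new keystore created by importing the reply under another file name.
listing_stray_keystore() { cat <<'EOF'
Alias name: wowza
Entry type: trustedCertEntry
Owner: CN=sentryvidserv.us
Issuer: CN=Example Intermediate CA
EOF
}
# Constructed listing: reply imported into the keystore that holds the private key.
listing_after_fix() { cat <<'EOF'
Alias name: wowza
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=sentryvidserv.us
Issuer: CN=Example Intermediate CA
EOF
}
listing_vhost_keystore | classify_alias wowza   # prints: self-signed
```

Against a real keystore, pipe `keytool -list -v -keystore sentryvidserv.us.jks` into `classify_alias wowza`; the server can only present the CA-issued certificate when the result is `ca-signed`.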

  3. #3


    You are very observant Salvadore!

    Thanks much for your input. I do believe that sentryvid.serv.us (without the SSL) is correct for us, but I am not 100% sure. I have a support ticket open. Looking through my command history you might be right that I included the ssl. in front of the keystore on the import of the "wowza" cert. I will re-try and see if it helps.

    Thanks,
    Dave

  4. #4

    How did you resolve this? I have the same problems.

    Thanks

  5. #5


    Hi,

    This is a rather old ticket and may or may not be relevant to the issue you are experiencing. I would suggest that you open a support ticket with us and include the steps you've taken and we can look at your specific workflow. Include a zip of your /conf and /logs too.


    Paul
