Wowza Community

Setting up Wowza on secure port only (SSL cert/HTTPS)

We are trying to move our Wowza streaming port from 80 to 443, from an un secure port to a secure port.

I setup the keystore with our official certificate and configured it, and we can publish to 80 and playback from 443 with no errors. The issue arises when we also try to switch publishing to port 443. We do have source security (username/password authentication) setup, and that is working fine on port 80.

When we try to publish from the GoCoder app to port 443, it hangs/freezes, either needing to be killed or have the phone restarted/crash. No unusual logs in the logfile. Again, the same settings work fine on port 80.

When we try to publish from Wirecast to port 443, we tried two cases. Both are configured for RTMP Server, FMLE/3.0 with username and password.

  • Streaming to rtmp://site.example.com:443/live, we eventually get “Cannot connect to the RTMP/FLASH server at the given IP address. Verify the server is reachable at the given address. [-4018]”

  • Streaming to rtmps://site.example.com:443/live, we immediately get “You are not currently authenticated. Please go to the Output Settings dialog to authenticate to your destination and try again.”

    Again, nothing in the logfile, and again, the first configuration publishes perfectly to port 80, and we can view the playback from port 443.

    While we could switch to using port 80 for incoming publishing and port 443 to outgoing streaming, we want to close port 80. Is this possible with the GoCoder App and other common streaming solutions, such as Wirecast? Is there a configuration I am missing, that would stop publishing while still allowing streaming? Any help is appreciated!

    Port configuration:

    <HostPort>
    	<Name>Default SSL Streaming</Name>
    	<Type>Streaming</Type>
    	<ProcessorCount>${com.wowza.wms.TuningAuto}</ProcessorCount>
    	<IpAddress>*</IpAddress>
    	<Port>443</Port>
    	<HTTPIdent2Response></HTTPIdent2Response>
    	<SSLConfig>
    		<KeyStorePath>${com.wowza.wms.context.VHostConfigHome}/conf/ssl.keystore.jks</KeyStorePath>
    		<KeyStorePassword>passwordhere</KeyStorePassword>
    		<KeyStoreType>JKS</KeyStoreType>
    		<SSLProtocol>TLS</SSLProtocol>
    		<Algorithm>SunX509</Algorithm>
    		<CipherSuites></CipherSuites>
    		<Protocols></Protocols>
    	</SSLConfig>
    	<SocketConfiguration>
    		<ReuseAddress>true</ReuseAddress>
    		<ReceiveBufferSize>65000</ReceiveBufferSize>
    		<ReadBufferSize>65000</ReadBufferSize>
    		<SendBufferSize>65000</SendBufferSize>
    		<KeepAlive>true</KeepAlive>
    		<AcceptorBackLog>100</AcceptorBackLog>
    	</SocketConfiguration>
    	<HTTPStreamerAdapterIDs>cupertinostreaming,smoothstreaming,sanjosestreaming,dvrchunkstreaming,mpegdashstreaming</HTTPStreamerAdapterIDs>
    	<HTTPProviders>
    		<HTTPProvider>
    			<BaseClass>com.wowza.wms.http.HTTPCrossdomain</BaseClass>
    			<RequestFilters>*crossdomain.xml</RequestFilters>
    			<AuthenticationMethod>none</AuthenticationMethod>
    		</HTTPProvider>
    		<HTTPProvider>
    			<BaseClass>com.wowza.wms.http.HTTPClientAccessPolicy</BaseClass>
    			<RequestFilters>*clientaccesspolicy.xml</RequestFilters>
    			<AuthenticationMethod>none</AuthenticationMethod>
    		</HTTPProvider>
    		<HTTPProvider>
    			<BaseClass>com.wowza.wms.http.HTTPProviderMediaList</BaseClass>
    			<RequestFilters>*jwplayer.rss|*jwplayer.smil|*medialist.smil|*manifest-rtmp.f4m</RequestFilters>
    			<AuthenticationMethod>none</AuthenticationMethod>
    		</HTTPProvider>
    		<HTTPProvider>
    			<BaseClass>com.wowza.wms.http.HTTPServerVersion</BaseClass>
    			<RequestFilters>*</RequestFilters>
    			<AuthenticationMethod>none</AuthenticationMethod>
    		</HTTPProvider>
    	</HTTPProviders>
    </HostPort>
    
    

    UPDATE:

    For those of you who are attempting similar pursuits, I opened a ticket and have been informed that this is not currently supported. Hope it saves you some time!