openmeetings-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bart Coninckx <bart.conin...@telenet.be>
Subject Re: RTMPS woes
Date Mon, 28 Jan 2013 21:41:22 GMT
Thx Stephen,

I think I got it - I made a self signed certificate as mentionned on 
http://gregoire.org/2008/05/26/rtmps-in-red5/

Next I did the changes as described and restarted red5. I did a tcpdump 
on  5443 and I see packets going back and forth.

The next challenge is to replace the self signed cert by a wildcard 
Apache certificate I have lying around.

The docs mention doing the same for keystore.screen (apparently for 
screen sharing). What would keep me from simply copying keystore to 
keystore.screen?


Cheers,
BC



On 01/28/13 22:31, Stephen Cottham wrote:
>
> OM 2.1 and 2.0 definitely works with SSL and RTMPS -- I wouldn't give 
> up on trying to get that working at this stage, can you run the OM 
> instance using this script
>
> ./Red5-debug.sh
>
> Then can you see anything in the start-up that may shed some light on 
> the issue?
>
> Im assuming that your build works without SSL? So we can rule that out?
>
> What distro are you running on?
>
> You can check out the install guide here just to check each step:
>
> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>
> ·Installing OM2.x On Debian64 - Headless
>
> ·Installing OM2.x On Ubuntu64 - Headless
>
> ·Installing OM2.x On Ubuntu64 - Headless - v12.10
>
> The later section of the guides has the https and rtmps and some info 
> on reverse proxy.
>
> I will run thru the guide step by step tomo using my cert to confirm 
> is still working as normal, I need to update the SVN links anyways.
>
> Cheers
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 28 January 2013 20:57
> *To:* user@openmeetings.apache.org
> *Subject:* Re: RTMPS woes
>
> Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
>
> Will do some morge digging into combining things with a reversed SSL 
> proxy. I also saw pages using Stunnel, which is an ugly hack but if it 
> works ...
>
>
> BC
>
>
> On 01/28/13 21:48, Bart Coninckx wrote:
>
>     Hi Stephen,
>
>     thx !
>
>     tried both self-signed and an official one. Tried just one browser
>     as we standardize to that browser (Internet Explorer).
>     Getting RTMPS to work seems to be a daunting task.
>     I'm trying to get it to work differently by looking at RTMPT and a
>     SSL reversed proxy. Unfortunately a SSL/TLS version of RTMPT does
>     not seem to exist, unless RTMPS does also a secured version of RTMPT.
>     And then there is the challenge to get the Flash app to use the
>     SSL version of RTMPT. By closing port 1935 RTMPT on 8088 is
>     automatically used, but clear text.
>
>     *sigh*
>
>     BC
>
>
>
>     On 01/28/13 21:01, Stephen Cottham wrote:
>
>         Hey Bart,
>
>         Are you using a self-signed certificate by chance?
>
>         have you tried different browsers?
>
>         Using self-signed certs we have seen problems like this in a
>         few browsers before, (if your using Windows you can import the
>         self-signed cert into the trusted repo and try again this has
>         resolved some issues before)
>
>         I don't believe you need to set the path to the cert
>         explicitly in red5-core.xml like you are saying below, I have
>         this working on 2.0 and 2.1 without issues (using a legit
>         cert) and have had mixed results using a self-signed and had
>         some issues with Mozilla and chrome using their sandbox with both.
>
>         Best Regards
>
>         *Stephen Cottham**
>         *Group IT Manager (Associate)
>
>         Robert Bird Group
>         Level 5, 333 Ann St
>         Brisbane, Queensland, 4000, Australia
>
>         *Phone: +6173 319 2777 (AUS)*
>
>         *Phone: +44207 633 2880 (UK)*
>
>         *Fax: +6173 319 2799*
>
>         *Mobile: +61400 756 963 (AUS)*
>
>         *Mobile: +447900 918 616 (UK)*
>
>         *Web: **www.robertbird.com* <http://www.robertbird.com/>
>
>         <http://www.robertbird.com.au/>
>
>         This email and any attachments are confidential and may
>         contain legally privileged information or copyright material.
>         Unless expressly stated, confidentiality and/or legal
>         privilege is not intended to be waived by the sending of this
>         email. The contents of this email, including any attachments,
>         are intended solely for the use of the individual or entity to
>         whom they are addressed. If you are not an intended recipient,
>         please contact us immediately by return email and then delete
>         both messages. You may not otherwise read, forward, copy, use
>         or disclose this email or any attachments. Any views expressed
>         in this email are those of the individual sender except where
>         the sender expressly, and with authority, states otherwise. It
>         is your responsibility to check any attachments for viruses or
>         defects before opening or sending them on. None of the sender
>         or its related entities accepts any liability for any
>         consequential damage resulting from this email containing
>         computer viruses.
>
>
>         Disclaimer added by *CodeTwo Exchange Rules*
>         www.codetwo.com <http://www.codetwo.com>
>
>         *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>         *Sent:* 28 January 2013 19:42
>         *To:* openmeetings-user@incubator.apache.org
>         <mailto:openmeetings-user@incubator.apache.org>
>         *Subject:* Re: RTMPS woes
>
>         Well, it did seem to be an effect of the path: the error
>         message disappeared once I changed
>
>         <property name="keystoreFile" value="conf/keystore">
>         into
>         <property name="keystoreFile"
>         value="/data/openmeetings/conf/keystore">
>
>         in red5-core.xml
>
>         This reflects the real path on my server. Some one might want
>         to add this to the documentation.
>
>         The situation now is like this gentleman describes:
>
>         https://issues.apache.org/jira/browse/OPENMEETINGS-500
>
>         I can't shake the feeling the documentation is missing
>         something ...
>
>
>         BC
>
>
>
>         On 01/28/13 00:49, Bart Coninckx wrote:
>
>             One addition: I installed in /data/openmeetings, but I had
>             this reflected in the init.d script that starts
>             OpenMeetings. I hope that is OK?
>
>             BC
>
>             On 01/28/13 00:47, Bart Coninckx wrote:
>
>                 Hi all,
>
>                 been trying to get SSL rolling following the docs on
>                 http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>
>
>                 I doublechecked everything but conecting to the OM
>                 site produces a "try 1", "try 2" etc and ends in
>                 NetConnection.Connect.Failed
>
>                 The red5 console says:
>
>                 [WARN] [NioProcessor-19]
>                 org.red5.server.net.rtmps.RTMPSMinaIoHandler -
>                 Exception caught Keystore or password are null
>
>                 the keystore is in "RED5_HOME"/conf and the passwords
>                 works.
>
>                 While capturing the packets I see a lot on 443, so
>                 HTTPS seems OK and jsut a fiew on 5443, so my guess is
>                 that RTMPS has a problem.
>
>
>                 The only step I did not do in the docu was:
>
>                 7. Create additional certificate as described above.
>                 Add this certificate to the following keystores:
>                 red5/conf/keystore.screen and red5/conf/keystore.
>
>                 as it is not very clear. Do you need to create a new
>                 CSR and next a new CRT? Because that makes no sense.
>                 Or do I need a new keystore named keystore.screen and
>                 import the same certificates?
>
>                 Thx for clarifying this,
>
>                 BC
>
>
>
>


Mime
View raw message