openmeetings-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bart Coninckx <bart.conin...@telenet.be>
Subject Re: RTMPS woes
Date Tue, 29 Jan 2013 14:28:43 GMT
One last thing I'd like to report: the RTMPS and HTTPS setup with an 
official certificat does NOT work for Flash under Linux.
It works fine on Windows however.

Thx,

BC

On 01/29/13 02:46, Maxim Solodovnik wrote:
> great you have things working :)
> the absolute path should not be necessary, relative works for me :)
>
>
> On Tue, Jan 29, 2013 at 4:44 AM, Stephen Cottham 
> <Stephen.Cottham@robertbird.com.au 
> <mailto:Stephen.Cottham@robertbird.com.au>> wrote:
>
>     Yes you can simply copy the keystore to keystore.screen that works
>     fine.
>
>     Sent from my iPhone
>
>     On 28 Jan 2013, at 21:42, "Bart Coninckx"
>     <bart.coninckx@telenet.be <mailto:bart.coninckx@telenet.be>> wrote:
>
>>     Thx Stephen,
>>
>>     I think I got it - I made a self signed certificate as mentionned
>>     on http://gregoire.org/2008/05/26/rtmps-in-red5/
>>
>>     Next I did the changes as described and restarted red5. I did a
>>     tcpdump on  5443 and I see packets going back and forth.
>>
>>     The next challenge is to replace the self signed cert by a
>>     wildcard Apache certificate I have lying around.
>>
>>     The docs mention doing the same for keystore.screen (apparently
>>     for screen sharing). What would keep me from simply copying
>>     keystore to keystore.screen?
>>
>>
>>     Cheers,
>>     BC
>>
>>
>>
>>     On 01/28/13 22:31, Stephen Cottham wrote:
>>>
>>>     OM 2.1 and 2.0 definitely works with SSL and RTMPS – I wouldn’t
>>>     give up on trying to get that working at this stage, can you run
>>>     the OM instance using this script
>>>
>>>     ./Red5-debug.sh
>>>
>>>     Then can you see anything in the start-up that may shed some
>>>     light on the issue?
>>>
>>>     Im assuming that your build works without SSL? So we can rule
>>>     that out?
>>>
>>>     What distro are you running on?
>>>
>>>     You can check out the install guide here just to check each step:
>>>
>>>     https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>>>
>>>     ·Installing OM2.x On Debian64 - Headless
>>>
>>>     ·Installing OM2.x On Ubuntu64 - Headless
>>>
>>>     ·Installing OM2.x On Ubuntu64 - Headless - v12.10
>>>
>>>     The later section of the guides has the https and rtmps and some
>>>     info on reverse proxy.
>>>
>>>     I will run thru the guide step by step tomo using my cert to
>>>     confirm is still working as normal, I need to update the SVN
>>>     links anyways.
>>>
>>>     Cheers
>>>
>>>     *Stephen Cottham*
>>>
>>>     *
>>>     *Group IT Manager (Associate)
>>>
>>>     Robert Bird Group
>>>     Level 5, 333 Ann St
>>>     Brisbane, Queensland, 4000, Australia
>>>
>>>     *Phone: +6173 319 2777 (AUS)*
>>>
>>>     *Phone: +44207 633 2880 (UK)*
>>>
>>>     *Fax: +6173 319 2799*
>>>
>>>     **
>>>
>>>     *Mobile: +61400 756 963 (AUS)*
>>>
>>>     *Mobile:  +447900 918 616 (UK)*
>>>
>>>     *Web: **www.robertbird.com* <http://www.robertbird.com/>
>>>
>>>     <http://www.robertbird.com.au/><http://www.robertbird.com.au/>
>>>
>>>     This email and any attachments are confidential and may contain
>>>     legally privileged information or copyright material. Unless
>>>     expressly stated, confidentiality and/or legal privilege is not
>>>     intended to be waived by the sending of this email. The contents
>>>     of this email, including any attachments, are intended solely
>>>     for the use of the individual or entity to whom they are
>>>     addressed. If you are not an intended recipient, please contact
>>>     us immediately by return email and then delete both messages.
>>>     You may not otherwise read, forward, copy, use or disclose this
>>>     email or any attachments. Any views expressed in this email are
>>>     those of the individual sender except where the sender
>>>     expressly, and with authority, states otherwise. It is your
>>>     responsibility to check any attachments for viruses or defects
>>>     before opening or sending them on. None of the sender or its
>>>     related entities accepts any liability for any consequential
>>>     damage resulting from this email containing computer viruses.
>>>
>>>
>>>     Disclaimer added by *CodeTwo Exchange Rules*
>>>     www.codetwo.com <http://www.codetwo.com>
>>>
>>>     *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>>>     *Sent:* 28 January 2013 20:57
>>>     *To:* user@openmeetings.apache.org
>>>     <mailto:user@openmeetings.apache.org>
>>>     *Subject:* Re: RTMPS woes
>>>
>>>     Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
>>>
>>>     Will do some morge digging into combining things with a reversed
>>>     SSL proxy. I also saw pages using Stunnel, which is an ugly hack
>>>     but if it works ...
>>>
>>>
>>>     BC
>>>
>>>
>>>     On 01/28/13 21:48, Bart Coninckx wrote:
>>>
>>>         Hi Stephen,
>>>
>>>         thx !
>>>
>>>         tried both self-signed and an official one. Tried just one
>>>         browser as we standardize to that browser (Internet Explorer).
>>>         Getting RTMPS to work seems to be a daunting task.
>>>         I'm trying to get it to work differently by looking at RTMPT
>>>         and a SSL reversed proxy. Unfortunately a SSL/TLS version of
>>>         RTMPT does not seem to exist, unless RTMPS does also a
>>>         secured version of RTMPT.
>>>         And then there is the challenge to get the Flash app to use
>>>         the SSL version of RTMPT. By closing port 1935 RTMPT on 8088
>>>         is automatically used, but clear text.
>>>
>>>         *sigh*
>>>
>>>         BC
>>>
>>>
>>>
>>>         On 01/28/13 21:01, Stephen Cottham wrote:
>>>
>>>             Hey Bart,
>>>
>>>             Are you using a self-signed certificate by chance?
>>>
>>>             have you tried different browsers?
>>>
>>>             Using self-signed certs we have seen problems like this
>>>             in a few browsers before, (if your using Windows you can
>>>             import the self-signed cert into the trusted repo and
>>>             try again this has resolved some issues before)
>>>
>>>             I don’t believe you need to set the path to the cert
>>>             explicitly in red5-core.xml like you are saying below, I
>>>             have this working on 2.0 and 2.1 without issues (using a
>>>             legit cert) and have had mixed results using a
>>>             self-signed and had some issues with Mozilla and chrome
>>>             using their sandbox with both.
>>>
>>>             Best Regards
>>>
>>>             *Stephen Cottham**
>>>             *Group IT Manager (Associate)
>>>
>>>             Robert Bird Group
>>>             Level 5, 333 Ann St
>>>             Brisbane, Queensland, 4000, Australia
>>>
>>>             *Phone: +6173 319 2777 (AUS)*
>>>
>>>             *Phone: +44207 633 2880 (UK)*
>>>
>>>             *Fax: +6173 319 2799*
>>>
>>>             *Mobile: +61400 756 963 (AUS)*
>>>
>>>             *Mobile: +447900 918 616 (UK)*
>>>
>>>             *Web: **www.robertbird.com* <http://www.robertbird.com/>
>>>
>>>             <mime-attachment.gif> <http://www.robertbird.com.au/>
>>>
>>>
>>>
>>>             This email and any attachments are confidential and may
>>>             contain legally privileged information or copyright
>>>             material. Unless expressly stated, confidentiality
>>>             and/or legal privilege is not intended to be waived by
>>>             the sending of this email. The contents of this email,
>>>             including any attachments, are intended solely for the
>>>             use of the individual or entity to whom they are
>>>             addressed. If you are not an intended recipient, please
>>>             contact us immediately by return email and then delete
>>>             both messages. You may not otherwise read, forward,
>>>             copy, use or disclose this email or any attachments. Any
>>>             views expressed in this email are those of the
>>>             individual sender except where the sender expressly, and
>>>             with authority, states otherwise. It is your
>>>             responsibility to check any attachments for viruses or
>>>             defects before opening or sending them on. None of the
>>>             sender or its related entities accepts any liability for
>>>             any consequential damage resulting from this email
>>>             containing computer viruses.
>>>
>>>             <mime-attachment.png>
>>>
>>>
>>>             Disclaimer added by *CodeTwo Exchange Rules*
>>>             www.codetwo.com <http://www.codetwo.com>
>>>
>>>             *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>>>             *Sent:* 28 January 2013 19:42
>>>             *To:* openmeetings-user@incubator.apache.org
>>>             <mailto:openmeetings-user@incubator.apache.org>
>>>             *Subject:* Re: RTMPS woes
>>>
>>>             Well, it did seem to be an effect of the path: the error
>>>             message disappeared once I changed
>>>
>>>             <property name="keystoreFile" value="conf/keystore">
>>>             into
>>>             <property name="keystoreFile"
>>>             value="/data/openmeetings/conf/keystore">
>>>
>>>             in red5-core.xml
>>>
>>>             This reflects the real path on my server. Some one might
>>>             want to add this to the documentation.
>>>
>>>             The situation now is like this gentleman describes:
>>>
>>>             https://issues.apache.org/jira/browse/OPENMEETINGS-500
>>>
>>>             I can't shake the feeling the documentation is missing
>>>             something ...
>>>
>>>
>>>             BC
>>>
>>>
>>>
>>>             On 01/28/13 00:49, Bart Coninckx wrote:
>>>
>>>                 One addition: I installed in /data/openmeetings, but
>>>                 I had this reflected in the init.d script that
>>>                 starts OpenMeetings. I hope that is OK?
>>>
>>>                 BC
>>>
>>>                 On 01/28/13 00:47, Bart Coninckx wrote:
>>>
>>>                     Hi all,
>>>
>>>                     been trying to get SSL rolling following the
>>>                     docs on
>>>                     http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>>>
>>>
>>>                     I doublechecked everything but conecting to the
>>>                     OM site produces a "try 1", "try 2" etc and ends
>>>                     in NetConnection.Connect.Failed
>>>
>>>                     The red5 console says:
>>>
>>>                     [WARN] [NioProcessor-19]
>>>                     org.red5.server.net.rtmps.RTMPSMinaIoHandler -
>>>                     Exception caught Keystore or password are null
>>>
>>>                     the keystore is in "RED5_HOME"/conf and the
>>>                     passwords works.
>>>
>>>                     While capturing the packets I see a lot on 443,
>>>                     so HTTPS seems OK and jsut a fiew on 5443, so my
>>>                     guess is that RTMPS has a problem.
>>>
>>>
>>>                     The only step I did not do in the docu was:
>>>
>>>                     7. Create additional certificate as described
>>>                     above. Add this certificate to the following
>>>                     keystores: red5/conf/keystore.screen and
>>>                     red5/conf/keystore.
>>>
>>>                     as it is not very clear. Do you need to create a
>>>                     new CSR and next a new CRT? Because that makes
>>>                     no sense. Or do I need a new keystore named
>>>                     keystore.screen and import the same certificates?
>>>
>>>                     Thx for clarifying this,
>>>
>>>                     BC
>>>
>>>
>>>
>>>
>>
>
>
>
> -- 
> WBR
> Maxim aka solomax


Mime
View raw message