openmeetings-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bart Coninckx <bart.conin...@telenet.be>
Subject Re: RTMPS woes
Date Tue, 29 Jan 2013 14:48:21 GMT
OpenSuse 12.2
Chrome 15.0.874.106 + Firefox 18.0 + Opera 12.2
Flash 11.2.r202

BC

On 01/29/13 15:31, Stephen Cottham wrote:
>
> What version of Linux, Browser and Flash are you using?
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 29 January 2013 14:29
> *To:* Maxim Solodovnik
> *Cc:* user
> *Subject:* Re: RTMPS woes
>
> One last thing I'd like to report: the RTMPS and HTTPS setup with an 
> official certificat does NOT work for Flash under Linux.
> It works fine on Windows however.
>
> Thx,
>
> BC
>
> On 01/29/13 02:46, Maxim Solodovnik wrote:
>
>     great you have things working :)
>
>     the absolute path should not be necessary, relative works for me :)
>
>     On Tue, Jan 29, 2013 at 4:44 AM, Stephen Cottham
>     <Stephen.Cottham@robertbird.com.au
>     <mailto:Stephen.Cottham@robertbird.com.au>> wrote:
>
>     Yes you can simply copy the keystore to keystore.screen that works
>     fine.
>
>     Sent from my iPhone
>
>
>     On 28 Jan 2013, at 21:42, "Bart Coninckx"
>     <bart.coninckx@telenet.be <mailto:bart.coninckx@telenet.be>> wrote:
>
>         Thx Stephen,
>
>         I think I got it - I made a self signed certificate as
>         mentionned on http://gregoire.org/2008/05/26/rtmps-in-red5/
>
>         Next I did the changes as described and restarted red5. I did
>         a tcpdump on  5443 and I see packets going back and forth.
>
>         The next challenge is to replace the self signed cert by a
>         wildcard Apache certificate I have lying around.
>
>         The docs mention doing the same for keystore.screen
>         (apparently for screen sharing). What would keep me from
>         simply copying keystore to keystore.screen?
>
>
>         Cheers,
>         BC
>
>
>
>         On 01/28/13 22:31, Stephen Cottham wrote:
>
>             OM 2.1 and 2.0 definitely works with SSL and RTMPS – I
>             wouldn’t give up on trying to get that working at this
>             stage, can you run the OM instance using this script
>
>             ./Red5-debug.sh
>
>             Then can you see anything in the start-up that may shed
>             some light on the issue?
>
>             Im assuming that your build works without SSL? So we can
>             rule that out?
>
>             What distro are you running on?
>
>             You can check out the install guide here just to check
>             each step:
>
>             https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>
>             ·Installing OM2.x On Debian64 - Headless
>
>             ·Installing OM2.x On Ubuntu64 - Headless
>
>             ·Installing OM2.x On Ubuntu64 - Headless - v12.10
>
>             The later section of the guides has the https and rtmps
>             and some info on reverse proxy.
>
>             I will run thru the guide step by step tomo using my cert
>             to confirm is still working as normal, I need to update
>             the SVN links anyways.
>
>             Cheers
>
>             *Stephen Cottham*
>
>             *
>             *Group IT Manager (Associate)
>
>             Robert Bird Group
>             Level 5, 333 Ann St
>             Brisbane, Queensland, 4000, Australia
>
>             *Phone: +6173 319 2777 (AUS)*
>
>             *Phone: +44207 633 2880 (UK)*
>
>             *Fax: +6173 319 2799*
>
>             *Mobile: +61400 756 963 (AUS)*
>
>             *Mobile: +447900 918 616 (UK)*
>
>             *Web: **www.robertbird.com* <http://www.robertbird.com/>
>
>             <http://www.robertbird.com.au/>
>
>             This email and any attachments are confidential and may
>             contain legally privileged information or copyright
>             material. Unless expressly stated, confidentiality and/or
>             legal privilege is not intended to be waived by the
>             sending of this email. The contents of this email,
>             including any attachments, are intended solely for the use
>             of the individual or entity to whom they are addressed. If
>             you are not an intended recipient, please contact us
>             immediately by return email and then delete both messages.
>             You may not otherwise read, forward, copy, use or disclose
>             this email or any attachments. Any views expressed in this
>             email are those of the individual sender except where the
>             sender expressly, and with authority, states otherwise. It
>             is your responsibility to check any attachments for
>             viruses or defects before opening or sending them on. None
>             of the sender or its related entities accepts any
>             liability for any consequential damage resulting from this
>             email containing computer viruses.
>
>
>             Disclaimer added by *CodeTwo Exchange Rules*
>             www.codetwo.com <http://www.codetwo.com>
>
>             *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>             *Sent:* 28 January 2013 20:57
>             *To:* user@openmeetings.apache.org
>             <mailto:user@openmeetings.apache.org>
>             *Subject:* Re: RTMPS woes
>
>             Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
>
>             Will do some morge digging into combining things with a
>             reversed SSL proxy. I also saw pages using Stunnel, which
>             is an ugly hack but if it works ...
>
>
>             BC
>
>
>             On 01/28/13 21:48, Bart Coninckx wrote:
>
>                 Hi Stephen,
>
>                 thx !
>
>                 tried both self-signed and an official one. Tried just
>                 one browser as we standardize to that browser
>                 (Internet Explorer).
>                 Getting RTMPS to work seems to be a daunting task.
>                 I'm trying to get it to work differently by looking at
>                 RTMPT and a SSL reversed proxy. Unfortunately a
>                 SSL/TLS version of RTMPT does not seem to exist,
>                 unless RTMPS does also a secured version of RTMPT.
>                 And then there is the challenge to get the Flash app
>                 to use the SSL version of RTMPT. By closing port 1935
>                 RTMPT on 8088 is automatically used, but clear text.
>
>                 *sigh*
>
>                 BC
>
>
>
>                 On 01/28/13 21:01, Stephen Cottham wrote:
>
>                     Hey Bart,
>
>                     Are you using a self-signed certificate by chance?
>
>                     have you tried different browsers?
>
>                     Using self-signed certs we have seen problems like
>                     this in a few browsers before, (if your using
>                     Windows you can import the self-signed cert into
>                     the trusted repo and try again this has resolved
>                     some issues before)
>
>                     I don’t believe you need to set the path to the
>                     cert explicitly in red5-core.xml like you are
>                     saying below, I have this working on 2.0 and 2.1
>                     without issues (using a legit cert) and have had
>                     mixed results using a self-signed and had some
>                     issues with Mozilla and chrome using their sandbox
>                     with both.
>
>                     Best Regards
>
>                     *Stephen Cottham**
>                     *Group IT Manager (Associate)
>
>                     Robert Bird Group
>                     Level 5, 333 Ann St
>                     Brisbane, Queensland, 4000, Australia
>
>                     *Phone: +6173 319 2777 (AUS)*
>
>                     *Phone: +44207 633 2880 (UK)*
>
>                     *Fax: +6173 319 2799*
>
>                     *Mobile: +61400 756 963 (AUS)*
>
>                     *Mobile: +447900 918 616 (UK)*
>
>                     *Web: **www.robertbird.com*
>                     <http://www.robertbird.com/>
>
>                     <mime-attachment.gif> <http://www.robertbird.com.au/>
>
>
>
>                     This email and any attachments are confidential
>                     and may contain legally privileged information or
>                     copyright material. Unless expressly stated,
>                     confidentiality and/or legal privilege is not
>                     intended to be waived by the sending of this
>                     email. The contents of this email, including any
>                     attachments, are intended solely for the use of
>                     the individual or entity to whom they are
>                     addressed. If you are not an intended recipient,
>                     please contact us immediately by return email and
>                     then delete both messages. You may not otherwise
>                     read, forward, copy, use or disclose this email or
>                     any attachments. Any views expressed in this email
>                     are those of the individual sender except where
>                     the sender expressly, and with authority, states
>                     otherwise. It is your responsibility to check any
>                     attachments for viruses or defects before opening
>                     or sending them on. None of the sender or its
>                     related entities accepts any liability for any
>                     consequential damage resulting from this email
>                     containing computer viruses.
>
>                     <mime-attachment.png>
>
>
>                     Disclaimer added by *CodeTwo Exchange Rules*
>                     www.codetwo.com <http://www.codetwo.com>
>
>                     *From:*Bart Coninckx
>                     [mailto:bart.coninckx@telenet.be]
>                     *Sent:* 28 January 2013 19:42
>                     *To:* openmeetings-user@incubator.apache.org
>                     <mailto:openmeetings-user@incubator.apache.org>
>                     *Subject:* Re: RTMPS woes
>
>                     Well, it did seem to be an effect of the path: the
>                     error message disappeared once I changed
>
>                     <property name="keystoreFile" value="conf/keystore">
>                     into
>                     <property name="keystoreFile"
>                     value="/data/openmeetings/conf/keystore">
>
>                     in red5-core.xml
>
>                     This reflects the real path on my server. Some one
>                     might want to add this to the documentation.
>
>                     The situation now is like this gentleman describes:
>
>                     https://issues.apache.org/jira/browse/OPENMEETINGS-500
>
>                     I can't shake the feeling the documentation is
>                     missing something ...
>
>
>                     BC
>
>
>
>                     On 01/28/13 00:49, Bart Coninckx wrote:
>
>                         One addition: I installed in
>                         /data/openmeetings, but I had this reflected
>                         in the init.d script that starts OpenMeetings.
>                         I hope that is OK?
>
>                         BC
>
>                         On 01/28/13 00:47, Bart Coninckx wrote:
>
>                             Hi all,
>
>                             been trying to get SSL rolling following
>                             the docs on
>                             http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>
>
>                             I doublechecked everything but conecting
>                             to the OM site produces a "try 1", "try 2"
>                             etc and ends in NetConnection.Connect.Failed
>
>                             The red5 console says:
>
>                             [WARN] [NioProcessor-19]
>                             org.red5.server.net.rtmps.RTMPSMinaIoHandler
>                             - Exception caught Keystore or password
>                             are null
>
>                             the keystore is in "RED5_HOME"/conf and
>                             the passwords works.
>
>                             While capturing the packets I see a lot on
>                             443, so HTTPS seems OK and jsut a fiew on
>                             5443, so my guess is that RTMPS has a problem.
>
>
>                             The only step I did not do in the docu was:
>
>                             7. Create additional certificate as
>                             described above. Add this certificate to
>                             the following keystores:
>                             red5/conf/keystore.screen and
>                             red5/conf/keystore.
>
>                             as it is not very clear. Do you need to
>                             create a new CSR and next a new CRT?
>                             Because that makes no sense. Or do I need
>                             a new keystore named keystore.screen and
>                             import the same certificates?
>
>                             Thx for clarifying this,
>
>                             BC
>
>
>
>
>
>     -- 
>     WBR
>     Maxim aka solomax
>


Mime
View raw message