openmeetings-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bart Coninckx <bart.conin...@telenet.be>
Subject Re: RTMPS woes
Date Tue, 29 Jan 2013 17:30:14 GMT
I had a customer test on Safari on Mac, works flawless. Conclusion: it's 
limited to Linux.


On 01/29/13 17:44, Stephen Cottham wrote:
>
> Ok, I get the same results on Debian Wheezy using FF and Chromium, 
> both fail with Legit Cert. – Windows FF and IE work fine.
>
> I’ll take a better look tomorrow and see what’s going on there.
>
> Cheers
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 29 January 2013 14:48
> *To:* user@openmeetings.apache.org; Stephen Cottham
> *Subject:* Re: RTMPS woes
>
> OpenSuse 12.2
> Chrome 15.0.874.106 + Firefox 18.0 + Opera 12.2
> Flash 11.2.r202
>
> BC
>
> On 01/29/13 15:31, Stephen Cottham wrote:
>
>     What version of Linux, Browser and Flash are you using?
>
>     *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>     *Sent:* 29 January 2013 14:29
>     *To:* Maxim Solodovnik
>     *Cc:* user
>     *Subject:* Re: RTMPS woes
>
>     One last thing I'd like to report: the RTMPS and HTTPS setup with
>     an official certificat does NOT work for Flash under Linux.
>     It works fine on Windows however.
>
>     Thx,
>
>     BC
>
>     On 01/29/13 02:46, Maxim Solodovnik wrote:
>
>         great you have things working :)
>
>         the absolute path should not be necessary, relative works for
>         me :)
>
>         On Tue, Jan 29, 2013 at 4:44 AM, Stephen Cottham
>         <Stephen.Cottham@robertbird.com.au
>         <mailto:Stephen.Cottham@robertbird.com.au>> wrote:
>
>         Yes you can simply copy the keystore to keystore.screen that
>         works fine.
>
>         Sent from my iPhone
>
>
>         On 28 Jan 2013, at 21:42, "Bart Coninckx"
>         <bart.coninckx@telenet.be <mailto:bart.coninckx@telenet.be>>
>         wrote:
>
>             Thx Stephen,
>
>             I think I got it - I made a self signed certificate as
>             mentionned on http://gregoire.org/2008/05/26/rtmps-in-red5/
>
>             Next I did the changes as described and restarted red5. I
>             did a tcpdump on  5443 and I see packets going back and
>             forth.
>
>             The next challenge is to replace the self signed cert by a
>             wildcard Apache certificate I have lying around.
>
>             The docs mention doing the same for keystore.screen
>             (apparently for screen sharing). What would keep me from
>             simply copying keystore to keystore.screen?
>
>
>             Cheers,
>             BC
>
>
>
>             On 01/28/13 22:31, Stephen Cottham wrote:
>
>                 OM 2.1 and 2.0 definitely works with SSL and RTMPS – I
>                 wouldn’t give up on trying to get that working at this
>                 stage, can you run the OM instance using this script
>
>                 ./Red5-debug.sh
>
>                 Then can you see anything in the start-up that may
>                 shed some light on the issue?
>
>                 Im assuming that your build works without SSL? So we
>                 can rule that out?
>
>                 What distro are you running on?
>
>                 You can check out the install guide here just to check
>                 each step:
>
>                 https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>
>                 ·Installing OM2.x On Debian64 - Headless
>
>                 ·Installing OM2.x On Ubuntu64 - Headless
>
>                 ·Installing OM2.x On Ubuntu64 - Headless - v12.10
>
>                 The later section of the guides has the https and
>                 rtmps and some info on reverse proxy.
>
>                 I will run thru the guide step by step tomo using my
>                 cert to confirm is still working as normal, I need to
>                 update the SVN links anyways.
>
>                 Cheers
>
>                 *Stephen Cottham*
>
>                 *
>                 *Group IT Manager (Associate)
>
>                 Robert Bird Group
>                 Level 5, 333 Ann St
>                 Brisbane, Queensland, 4000, Australia
>
>                 *Phone: +6173 319 2777 (AUS)*
>
>                 *Phone: +44207 633 2880 (UK)*
>
>                 *Fax: +6173 319 2799*
>
>                 *Mobile: +61400 756 963 (AUS)*
>
>                 *Mobile: +447900 918 616 (UK)*
>
>                 *Web: **www.robertbird.com* <http://www.robertbird.com/>
>
>                 <http://www.robertbird.com.au/>
>
>                 This email and any attachments are confidential and
>                 may contain legally privileged information or
>                 copyright material. Unless expressly stated,
>                 confidentiality and/or legal privilege is not intended
>                 to be waived by the sending of this email. The
>                 contents of this email, including any attachments, are
>                 intended solely for the use of the individual or
>                 entity to whom they are addressed. If you are not an
>                 intended recipient, please contact us immediately by
>                 return email and then delete both messages. You may
>                 not otherwise read, forward, copy, use or disclose
>                 this email or any attachments. Any views expressed in
>                 this email are those of the individual sender except
>                 where the sender expressly, and with authority, states
>                 otherwise. It is your responsibility to check any
>                 attachments for viruses or defects before opening or
>                 sending them on. None of the sender or its related
>                 entities accepts any liability for any consequential
>                 damage resulting from this email containing computer
>                 viruses.
>
>
>                 Disclaimer added by *CodeTwo Exchange Rules*
>                 www.codetwo.com <http://www.codetwo.com>
>
>                 *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>                 *Sent:* 28 January 2013 20:57
>                 *To:* user@openmeetings.apache.org
>                 <mailto:user@openmeetings.apache.org>
>                 *Subject:* Re: RTMPS woes
>
>                 Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
>
>                 Will do some morge digging into combining things with
>                 a reversed SSL proxy. I also saw pages using Stunnel,
>                 which is an ugly hack but if it works ...
>
>
>                 BC
>
>
>                 On 01/28/13 21:48, Bart Coninckx wrote:
>
>                     Hi Stephen,
>
>                     thx !
>
>                     tried both self-signed and an official one. Tried
>                     just one browser as we standardize to that browser
>                     (Internet Explorer).
>                     Getting RTMPS to work seems to be a daunting task.
>                     I'm trying to get it to work differently by
>                     looking at RTMPT and a SSL reversed proxy.
>                     Unfortunately a SSL/TLS version of RTMPT does not
>                     seem to exist, unless RTMPS does also a secured
>                     version of RTMPT.
>                     And then there is the challenge to get the Flash
>                     app to use the SSL version of RTMPT. By closing
>                     port 1935 RTMPT on 8088 is automatically used, but
>                     clear text.
>
>                     *sigh*
>
>                     BC
>
>
>
>                     On 01/28/13 21:01, Stephen Cottham wrote:
>
>                         Hey Bart,
>
>                         Are you using a self-signed certificate by chance?
>
>                         have you tried different browsers?
>
>                         Using self-signed certs we have seen problems
>                         like this in a few browsers before, (if your
>                         using Windows you can import the self-signed
>                         cert into the trusted repo and try again this
>                         has resolved some issues before)
>
>                         I don’t believe you need to set the path to
>                         the cert explicitly in red5-core.xml like you
>                         are saying below, I have this working on 2.0
>                         and 2.1 without issues (using a legit cert)
>                         and have had mixed results using a self-signed
>                         and had some issues with Mozilla and chrome
>                         using their sandbox with both.
>
>                         Best Regards
>
>                         *Stephen Cottham**
>                         *Group IT Manager (Associate)
>
>                         Robert Bird Group
>                         Level 5, 333 Ann St
>                         Brisbane, Queensland, 4000, Australia
>
>                         *Phone: +6173 319 2777 (AUS)*
>
>                         *Phone: +44207 633 2880 (UK)*
>
>                         *Fax: +6173 319 2799*
>
>                         *Mobile: +61400 756 963 (AUS)*
>
>                         *Mobile: +447900 918 616 (UK)*
>
>                         *Web: **www.robertbird.com*
>                         <http://www.robertbird.com/>
>
>                         <mime-attachment.gif>
>                         <http://www.robertbird.com.au/>
>
>
>
>                         This email and any attachments are
>                         confidential and may contain legally
>                         privileged information or copyright material.
>                         Unless expressly stated, confidentiality
>                         and/or legal privilege is not intended to be
>                         waived by the sending of this email. The
>                         contents of this email, including any
>                         attachments, are intended solely for the use
>                         of the individual or entity to whom they are
>                         addressed. If you are not an intended
>                         recipient, please contact us immediately by
>                         return email and then delete both messages.
>                         You may not otherwise read, forward, copy, use
>                         or disclose this email or any attachments. Any
>                         views expressed in this email are those of the
>                         individual sender except where the sender
>                         expressly, and with authority, states
>                         otherwise. It is your responsibility to check
>                         any attachments for viruses or defects before
>                         opening or sending them on. None of the sender
>                         or its related entities accepts any liability
>                         for any consequential damage resulting from
>                         this email containing computer viruses.
>
>                         <mime-attachment.png>
>
>
>                         Disclaimer added by *CodeTwo Exchange Rules*
>                         www.codetwo.com <http://www.codetwo.com>
>
>                         *From:*Bart Coninckx
>                         [mailto:bart.coninckx@telenet.be]
>                         *Sent:* 28 January 2013 19:42
>                         *To:* openmeetings-user@incubator.apache.org
>                         <mailto:openmeetings-user@incubator.apache.org>
>                         *Subject:* Re: RTMPS woes
>
>                         Well, it did seem to be an effect of the path:
>                         the error message disappeared once I changed
>
>                         <property name="keystoreFile"
>                         value="conf/keystore">
>                         into
>                         <property name="keystoreFile"
>                         value="/data/openmeetings/conf/keystore">
>
>                         in red5-core.xml
>
>                         This reflects the real path on my server. Some
>                         one might want to add this to the documentation.
>
>                         The situation now is like this gentleman
>                         describes:
>
>                         https://issues.apache.org/jira/browse/OPENMEETINGS-500
>
>                         I can't shake the feeling the documentation is
>                         missing something ...
>
>
>                         BC
>
>
>
>                         On 01/28/13 00:49, Bart Coninckx wrote:
>
>                             One addition: I installed in
>                             /data/openmeetings, but I had this
>                             reflected in the init.d script that starts
>                             OpenMeetings. I hope that is OK?
>
>                             BC
>
>                             On 01/28/13 00:47, Bart Coninckx wrote:
>
>                                 Hi all,
>
>                                 been trying to get SSL rolling
>                                 following the docs on
>                                 http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>
>
>                                 I doublechecked everything but
>                                 conecting to the OM site produces a
>                                 "try 1", "try 2" etc and ends in
>                                 NetConnection.Connect.Failed
>
>                                 The red5 console says:
>
>                                 [WARN] [NioProcessor-19]
>                                 org.red5.server.net.rtmps.RTMPSMinaIoHandler
>                                 - Exception caught Keystore or
>                                 password are null
>
>                                 the keystore is in "RED5_HOME"/conf
>                                 and the passwords works.
>
>                                 While capturing the packets I see a
>                                 lot on 443, so HTTPS seems OK and jsut
>                                 a fiew on 5443, so my guess is that
>                                 RTMPS has a problem.
>
>
>                                 The only step I did not do in the docu
>                                 was:
>
>                                 7. Create additional certificate as
>                                 described above. Add this certificate
>                                 to the following keystores:
>                                 red5/conf/keystore.screen and
>                                 red5/conf/keystore.
>
>                                 as it is not very clear. Do you need
>                                 to create a new CSR and next a new
>                                 CRT? Because that makes no sense. Or
>                                 do I need a new keystore named
>                                 keystore.screen and import the same
>                                 certificates?
>
>                                 Thx for clarifying this,
>
>                                 BC
>
>
>
>
>
>
>         -- 
>         WBR
>         Maxim aka solomax
>


Mime
View raw message