You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@openmeetings.apache.org by Bart Coninckx <ba...@telenet.be> on 2013/01/28 00:47:01 UTC
RTMPS woes
Hi all,
been trying to get SSL rolling following the docs on
http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
I doublechecked everything but conecting to the OM site produces a "try
1", "try 2" etc and ends in NetConnection.Connect.Failed
The red5 console says:
[WARN] [NioProcessor-19] org.red5.server.net.rtmps.RTMPSMinaIoHandler -
Exception caught Keystore or password are null
the keystore is in "RED5_HOME"/conf and the passwords works.
While capturing the packets I see a lot on 443, so HTTPS seems OK and
jsut a fiew on 5443, so my guess is that RTMPS has a problem.
The only step I did not do in the docu was:
7. Create additional certificate as described above. Add this
certificate to the following keystores: red5/conf/keystore.screen and
red5/conf/keystore.
as it is not very clear. Do you need to create a new CSR and next a new
CRT? Because that makes no sense. Or do I need a new keystore named
keystore.screen and import the same certificates?
Thx for clarifying this,
BC
Re: RTMPS woes
Posted by Bart Coninckx <ba...@telenet.be>.
I had a customer test on Safari on Mac, works flawless. Conclusion: it's
limited to Linux.
On 01/29/13 17:44, Stephen Cottham wrote:
>
> Ok, I get the same results on Debian Wheezy using FF and Chromium,
> both fail with Legit Cert. – Windows FF and IE work fine.
>
> I’ll take a better look tomorrow and see what’s going on there.
>
> Cheers
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 29 January 2013 14:48
> *To:* user@openmeetings.apache.org; Stephen Cottham
> *Subject:* Re: RTMPS woes
>
> OpenSuse 12.2
> Chrome 15.0.874.106 + Firefox 18.0 + Opera 12.2
> Flash 11.2.r202
>
> BC
>
> On 01/29/13 15:31, Stephen Cottham wrote:
>
> What version of Linux, Browser and Flash are you using?
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 29 January 2013 14:29
> *To:* Maxim Solodovnik
> *Cc:* user
> *Subject:* Re: RTMPS woes
>
> One last thing I'd like to report: the RTMPS and HTTPS setup with
> an official certificat does NOT work for Flash under Linux.
> It works fine on Windows however.
>
> Thx,
>
> BC
>
> On 01/29/13 02:46, Maxim Solodovnik wrote:
>
> great you have things working :)
>
> the absolute path should not be necessary, relative works for
> me :)
>
> On Tue, Jan 29, 2013 at 4:44 AM, Stephen Cottham
> <Stephen.Cottham@robertbird.com.au
> <ma...@robertbird.com.au>> wrote:
>
> Yes you can simply copy the keystore to keystore.screen that
> works fine.
>
> Sent from my iPhone
>
>
> On 28 Jan 2013, at 21:42, "Bart Coninckx"
> <bart.coninckx@telenet.be <ma...@telenet.be>>
> wrote:
>
> Thx Stephen,
>
> I think I got it - I made a self signed certificate as
> mentionned on http://gregoire.org/2008/05/26/rtmps-in-red5/
>
> Next I did the changes as described and restarted red5. I
> did a tcpdump on 5443 and I see packets going back and
> forth.
>
> The next challenge is to replace the self signed cert by a
> wildcard Apache certificate I have lying around.
>
> The docs mention doing the same for keystore.screen
> (apparently for screen sharing). What would keep me from
> simply copying keystore to keystore.screen?
>
>
> Cheers,
> BC
>
>
>
> On 01/28/13 22:31, Stephen Cottham wrote:
>
> OM 2.1 and 2.0 definitely works with SSL and RTMPS – I
> wouldn’t give up on trying to get that working at this
> stage, can you run the OM instance using this script
>
> ./Red5-debug.sh
>
> Then can you see anything in the start-up that may
> shed some light on the issue?
>
> Im assuming that your build works without SSL? So we
> can rule that out?
>
> What distro are you running on?
>
> You can check out the install guide here just to check
> each step:
>
> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>
> ·Installing OM2.x On Debian64 - Headless
>
> ·Installing OM2.x On Ubuntu64 - Headless
>
> ·Installing OM2.x On Ubuntu64 - Headless - v12.10
>
> The later section of the guides has the https and
> rtmps and some info on reverse proxy.
>
> I will run thru the guide step by step tomo using my
> cert to confirm is still working as normal, I need to
> update the SVN links anyways.
>
> Cheers
>
> *Stephen Cottham*
>
> *
> *Group IT Manager (Associate)
>
> Robert Bird Group
> Level 5, 333 Ann St
> Brisbane, Queensland, 4000, Australia
>
> *Phone: +6173 319 2777 (AUS)*
>
> *Phone: +44207 633 2880 (UK)*
>
> *Fax: +6173 319 2799*
>
> *Mobile: +61400 756 963 (AUS)*
>
> *Mobile: +447900 918 616 (UK)*
>
> *Web: **www.robertbird.com* <http://www.robertbird.com/>
>
> <http://www.robertbird.com.au/>
>
> This email and any attachments are confidential and
> may contain legally privileged information or
> copyright material. Unless expressly stated,
> confidentiality and/or legal privilege is not intended
> to be waived by the sending of this email. The
> contents of this email, including any attachments, are
> intended solely for the use of the individual or
> entity to whom they are addressed. If you are not an
> intended recipient, please contact us immediately by
> return email and then delete both messages. You may
> not otherwise read, forward, copy, use or disclose
> this email or any attachments. Any views expressed in
> this email are those of the individual sender except
> where the sender expressly, and with authority, states
> otherwise. It is your responsibility to check any
> attachments for viruses or defects before opening or
> sending them on. None of the sender or its related
> entities accepts any liability for any consequential
> damage resulting from this email containing computer
> viruses.
>
>
> Disclaimer added by *CodeTwo Exchange Rules*
> www.codetwo.com <http://www.codetwo.com>
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 28 January 2013 20:57
> *To:* user@openmeetings.apache.org
> <ma...@openmeetings.apache.org>
> *Subject:* Re: RTMPS woes
>
> Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
>
> Will do some morge digging into combining things with
> a reversed SSL proxy. I also saw pages using Stunnel,
> which is an ugly hack but if it works ...
>
>
> BC
>
>
> On 01/28/13 21:48, Bart Coninckx wrote:
>
> Hi Stephen,
>
> thx !
>
> tried both self-signed and an official one. Tried
> just one browser as we standardize to that browser
> (Internet Explorer).
> Getting RTMPS to work seems to be a daunting task.
> I'm trying to get it to work differently by
> looking at RTMPT and a SSL reversed proxy.
> Unfortunately a SSL/TLS version of RTMPT does not
> seem to exist, unless RTMPS does also a secured
> version of RTMPT.
> And then there is the challenge to get the Flash
> app to use the SSL version of RTMPT. By closing
> port 1935 RTMPT on 8088 is automatically used, but
> clear text.
>
> *sigh*
>
> BC
>
>
>
> On 01/28/13 21:01, Stephen Cottham wrote:
>
> Hey Bart,
>
> Are you using a self-signed certificate by chance?
>
> have you tried different browsers?
>
> Using self-signed certs we have seen problems
> like this in a few browsers before, (if your
> using Windows you can import the self-signed
> cert into the trusted repo and try again this
> has resolved some issues before)
>
> I don’t believe you need to set the path to
> the cert explicitly in red5-core.xml like you
> are saying below, I have this working on 2.0
> and 2.1 without issues (using a legit cert)
> and have had mixed results using a self-signed
> and had some issues with Mozilla and chrome
> using their sandbox with both.
>
> Best Regards
>
> *Stephen Cottham**
> *Group IT Manager (Associate)
>
> Robert Bird Group
> Level 5, 333 Ann St
> Brisbane, Queensland, 4000, Australia
>
> *Phone: +6173 319 2777 (AUS)*
>
> *Phone: +44207 633 2880 (UK)*
>
> *Fax: +6173 319 2799*
>
> *Mobile: +61400 756 963 (AUS)*
>
> *Mobile: +447900 918 616 (UK)*
>
> *Web: **www.robertbird.com*
> <http://www.robertbird.com/>
>
> <mime-attachment.gif>
> <http://www.robertbird.com.au/>
>
>
>
> This email and any attachments are
> confidential and may contain legally
> privileged information or copyright material.
> Unless expressly stated, confidentiality
> and/or legal privilege is not intended to be
> waived by the sending of this email. The
> contents of this email, including any
> attachments, are intended solely for the use
> of the individual or entity to whom they are
> addressed. If you are not an intended
> recipient, please contact us immediately by
> return email and then delete both messages.
> You may not otherwise read, forward, copy, use
> or disclose this email or any attachments. Any
> views expressed in this email are those of the
> individual sender except where the sender
> expressly, and with authority, states
> otherwise. It is your responsibility to check
> any attachments for viruses or defects before
> opening or sending them on. None of the sender
> or its related entities accepts any liability
> for any consequential damage resulting from
> this email containing computer viruses.
>
> <mime-attachment.png>
>
>
> Disclaimer added by *CodeTwo Exchange Rules*
> www.codetwo.com <http://www.codetwo.com>
>
> *From:*Bart Coninckx
> [mailto:bart.coninckx@telenet.be]
> *Sent:* 28 January 2013 19:42
> *To:* openmeetings-user@incubator.apache.org
> <ma...@incubator.apache.org>
> *Subject:* Re: RTMPS woes
>
> Well, it did seem to be an effect of the path:
> the error message disappeared once I changed
>
> <property name="keystoreFile"
> value="conf/keystore">
> into
> <property name="keystoreFile"
> value="/data/openmeetings/conf/keystore">
>
> in red5-core.xml
>
> This reflects the real path on my server. Some
> one might want to add this to the documentation.
>
> The situation now is like this gentleman
> describes:
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-500
>
> I can't shake the feeling the documentation is
> missing something ...
>
>
> BC
>
>
>
> On 01/28/13 00:49, Bart Coninckx wrote:
>
> One addition: I installed in
> /data/openmeetings, but I had this
> reflected in the init.d script that starts
> OpenMeetings. I hope that is OK?
>
> BC
>
> On 01/28/13 00:47, Bart Coninckx wrote:
>
> Hi all,
>
> been trying to get SSL rolling
> following the docs on
> http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>
>
> I doublechecked everything but
> conecting to the OM site produces a
> "try 1", "try 2" etc and ends in
> NetConnection.Connect.Failed
>
> The red5 console says:
>
> [WARN] [NioProcessor-19]
> org.red5.server.net.rtmps.RTMPSMinaIoHandler
> - Exception caught Keystore or
> password are null
>
> the keystore is in "RED5_HOME"/conf
> and the passwords works.
>
> While capturing the packets I see a
> lot on 443, so HTTPS seems OK and jsut
> a fiew on 5443, so my guess is that
> RTMPS has a problem.
>
>
> The only step I did not do in the docu
> was:
>
> 7. Create additional certificate as
> described above. Add this certificate
> to the following keystores:
> red5/conf/keystore.screen and
> red5/conf/keystore.
>
> as it is not very clear. Do you need
> to create a new CSR and next a new
> CRT? Because that makes no sense. Or
> do I need a new keystore named
> keystore.screen and import the same
> certificates?
>
> Thx for clarifying this,
>
> BC
>
>
>
>
>
>
> --
> WBR
> Maxim aka solomax
>
RE: RTMPS woes
Posted by Stephen Cottham <St...@robertbird.com.au>.
Ok, I get the same results on Debian Wheezy using FF and Chromium, both fail with Legit Cert. – Windows FF and IE work fine.
I’ll take a better look tomorrow and see what’s going on there.
Cheers
From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 29 January 2013 14:48
To: user@openmeetings.apache.org; Stephen Cottham
Subject: Re: RTMPS woes
OpenSuse 12.2
Chrome 15.0.874.106 + Firefox 18.0 + Opera 12.2
Flash 11.2.r202
BC
On 01/29/13 15:31, Stephen Cottham wrote:
What version of Linux, Browser and Flash are you using?
From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 29 January 2013 14:29
To: Maxim Solodovnik
Cc: user
Subject: Re: RTMPS woes
One last thing I'd like to report: the RTMPS and HTTPS setup with an official certificat does NOT work for Flash under Linux.
It works fine on Windows however.
Thx,
BC
On 01/29/13 02:46, Maxim Solodovnik wrote:
great you have things working :)
the absolute path should not be necessary, relative works for me :)
On Tue, Jan 29, 2013 at 4:44 AM, Stephen Cottham <St...@robertbird.com.au> wrote:
Yes you can simply copy the keystore to keystore.screen that works fine.
Sent from my iPhone
On 28 Jan 2013, at 21:42, "Bart Coninckx" <ba...@telenet.be> wrote:
Thx Stephen,
I think I got it - I made a self signed certificate as mentionned on http://gregoire.org/2008/05/26/rtmps-in-red5/
Next I did the changes as described and restarted red5. I did a tcpdump on 5443 and I see packets going back and forth.
The next challenge is to replace the self signed cert by a wildcard Apache certificate I have lying around.
The docs mention doing the same for keystore.screen (apparently for screen sharing). What would keep me from simply copying keystore to keystore.screen?
Cheers,
BC
On 01/28/13 22:31, Stephen Cottham wrote:
OM 2.1 and 2.0 definitely works with SSL and RTMPS – I wouldn’t give up on trying to get that working at this stage, can you run the OM instance using this script
./Red5-debug.sh
Then can you see anything in the start-up that may shed some light on the issue?
Im assuming that your build works without SSL? So we can rule that out?
What distro are you running on?
You can check out the install guide here just to check each step:
https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
· Installing OM2.x On Debian64 - Headless
· Installing OM2.x On Ubuntu64 - Headless
· Installing OM2.x On Ubuntu64 - Headless - v12.10
The later section of the guides has the https and rtmps and some info on reverse proxy.
I will run thru the guide step by step tomo using my cert to confirm is still working as normal, I need to update the SVN links anyways.
Cheers
Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
Mobile: +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com <http://www.robertbird.com/>
<http://www.robertbird.com.au/>
This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.
Disclaimer added by CodeTwo Exchange Rules
www.codetwo.com
From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 28 January 2013 20:57
To: user@openmeetings.apache.org
Subject: Re: RTMPS woes
Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
Will do some morge digging into combining things with a reversed SSL proxy. I also saw pages using Stunnel, which is an ugly hack but if it works ...
BC
On 01/28/13 21:48, Bart Coninckx wrote:
Hi Stephen,
thx !
tried both self-signed and an official one. Tried just one browser as we standardize to that browser (Internet Explorer).
Getting RTMPS to work seems to be a daunting task.
I'm trying to get it to work differently by looking at RTMPT and a SSL reversed proxy. Unfortunately a SSL/TLS version of RTMPT does not seem to exist, unless RTMPS does also a secured version of RTMPT.
And then there is the challenge to get the Flash app to use the SSL version of RTMPT. By closing port 1935 RTMPT on 8088 is automatically used, but clear text.
*sigh*
BC
On 01/28/13 21:01, Stephen Cottham wrote:
Hey Bart,
Are you using a self-signed certificate by chance?
have you tried different browsers?
Using self-signed certs we have seen problems like this in a few browsers before, (if your using Windows you can import the self-signed cert into the trusted repo and try again this has resolved some issues before)
I don’t believe you need to set the path to the cert explicitly in red5-core.xml like you are saying below, I have this working on 2.0 and 2.1 without issues (using a legit cert) and have had mixed results using a self-signed and had some issues with Mozilla and chrome using their sandbox with both.
Best Regards
Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
Mobile: +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com <http://www.robertbird.com/>
<mime-attachment.gif> <http://www.robertbird.com.au/>
This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.
<mime-attachment.png>
Disclaimer added by CodeTwo Exchange Rules
www.codetwo.com
From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 28 January 2013 19:42
To: openmeetings-user@incubator.apache.org
Subject: Re: RTMPS woes
Well, it did seem to be an effect of the path: the error message disappeared once I changed
<property name="keystoreFile" value="conf/keystore">
into
<property name="keystoreFile" value="/data/openmeetings/conf/keystore">
in red5-core.xml
This reflects the real path on my server. Some one might want to add this to the documentation.
The situation now is like this gentleman describes:
https://issues.apache.org/jira/browse/OPENMEETINGS-500
I can't shake the feeling the documentation is missing something ...
BC
On 01/28/13 00:49, Bart Coninckx wrote:
One addition: I installed in /data/openmeetings, but I had this reflected in the init.d script that starts OpenMeetings. I hope that is OK?
BC
On 01/28/13 00:47, Bart Coninckx wrote:
Hi all,
been trying to get SSL rolling following the docs on http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
I doublechecked everything but conecting to the OM site produces a "try 1", "try 2" etc and ends in NetConnection.Connect.Failed
The red5 console says:
[WARN] [NioProcessor-19] org.red5.server.net.rtmps.RTMPSMinaIoHandler - Exception caught Keystore or password are null
the keystore is in "RED5_HOME"/conf and the passwords works.
While capturing the packets I see a lot on 443, so HTTPS seems OK and jsut a fiew on 5443, so my guess is that RTMPS has a problem.
The only step I did not do in the docu was:
7. Create additional certificate as described above. Add this certificate to the following keystores: red5/conf/keystore.screen and red5/conf/keystore.
as it is not very clear. Do you need to create a new CSR and next a new CRT? Because that makes no sense. Or do I need a new keystore named keystore.screen and import the same certificates?
Thx for clarifying this,
BC
--
WBR
Maxim aka solomax
Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
Mobile: +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com
This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.
Disclaimer added by CodeTwo Exchange Rules
http://www.codetwo.com
Re: RTMPS woes
Posted by Bart Coninckx <ba...@telenet.be>.
OpenSuse 12.2
Chrome 15.0.874.106 + Firefox 18.0 + Opera 12.2
Flash 11.2.r202
BC
On 01/29/13 15:31, Stephen Cottham wrote:
>
> What version of Linux, Browser and Flash are you using?
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 29 January 2013 14:29
> *To:* Maxim Solodovnik
> *Cc:* user
> *Subject:* Re: RTMPS woes
>
> One last thing I'd like to report: the RTMPS and HTTPS setup with an
> official certificat does NOT work for Flash under Linux.
> It works fine on Windows however.
>
> Thx,
>
> BC
>
> On 01/29/13 02:46, Maxim Solodovnik wrote:
>
> great you have things working :)
>
> the absolute path should not be necessary, relative works for me :)
>
> On Tue, Jan 29, 2013 at 4:44 AM, Stephen Cottham
> <Stephen.Cottham@robertbird.com.au
> <ma...@robertbird.com.au>> wrote:
>
> Yes you can simply copy the keystore to keystore.screen that works
> fine.
>
> Sent from my iPhone
>
>
> On 28 Jan 2013, at 21:42, "Bart Coninckx"
> <bart.coninckx@telenet.be <ma...@telenet.be>> wrote:
>
> Thx Stephen,
>
> I think I got it - I made a self signed certificate as
> mentionned on http://gregoire.org/2008/05/26/rtmps-in-red5/
>
> Next I did the changes as described and restarted red5. I did
> a tcpdump on 5443 and I see packets going back and forth.
>
> The next challenge is to replace the self signed cert by a
> wildcard Apache certificate I have lying around.
>
> The docs mention doing the same for keystore.screen
> (apparently for screen sharing). What would keep me from
> simply copying keystore to keystore.screen?
>
>
> Cheers,
> BC
>
>
>
> On 01/28/13 22:31, Stephen Cottham wrote:
>
> OM 2.1 and 2.0 definitely works with SSL and RTMPS – I
> wouldn’t give up on trying to get that working at this
> stage, can you run the OM instance using this script
>
> ./Red5-debug.sh
>
> Then can you see anything in the start-up that may shed
> some light on the issue?
>
> Im assuming that your build works without SSL? So we can
> rule that out?
>
> What distro are you running on?
>
> You can check out the install guide here just to check
> each step:
>
> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>
> ·Installing OM2.x On Debian64 - Headless
>
> ·Installing OM2.x On Ubuntu64 - Headless
>
> ·Installing OM2.x On Ubuntu64 - Headless - v12.10
>
> The later section of the guides has the https and rtmps
> and some info on reverse proxy.
>
> I will run thru the guide step by step tomo using my cert
> to confirm is still working as normal, I need to update
> the SVN links anyways.
>
> Cheers
>
> *Stephen Cottham*
>
> *
> *Group IT Manager (Associate)
>
> Robert Bird Group
> Level 5, 333 Ann St
> Brisbane, Queensland, 4000, Australia
>
> *Phone: +6173 319 2777 (AUS)*
>
> *Phone: +44207 633 2880 (UK)*
>
> *Fax: +6173 319 2799*
>
> *Mobile: +61400 756 963 (AUS)*
>
> *Mobile: +447900 918 616 (UK)*
>
> *Web: **www.robertbird.com* <http://www.robertbird.com/>
>
> <http://www.robertbird.com.au/>
>
> This email and any attachments are confidential and may
> contain legally privileged information or copyright
> material. Unless expressly stated, confidentiality and/or
> legal privilege is not intended to be waived by the
> sending of this email. The contents of this email,
> including any attachments, are intended solely for the use
> of the individual or entity to whom they are addressed. If
> you are not an intended recipient, please contact us
> immediately by return email and then delete both messages.
> You may not otherwise read, forward, copy, use or disclose
> this email or any attachments. Any views expressed in this
> email are those of the individual sender except where the
> sender expressly, and with authority, states otherwise. It
> is your responsibility to check any attachments for
> viruses or defects before opening or sending them on. None
> of the sender or its related entities accepts any
> liability for any consequential damage resulting from this
> email containing computer viruses.
>
>
> Disclaimer added by *CodeTwo Exchange Rules*
> www.codetwo.com <http://www.codetwo.com>
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 28 January 2013 20:57
> *To:* user@openmeetings.apache.org
> <ma...@openmeetings.apache.org>
> *Subject:* Re: RTMPS woes
>
> Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
>
> Will do some morge digging into combining things with a
> reversed SSL proxy. I also saw pages using Stunnel, which
> is an ugly hack but if it works ...
>
>
> BC
>
>
> On 01/28/13 21:48, Bart Coninckx wrote:
>
> Hi Stephen,
>
> thx !
>
> tried both self-signed and an official one. Tried just
> one browser as we standardize to that browser
> (Internet Explorer).
> Getting RTMPS to work seems to be a daunting task.
> I'm trying to get it to work differently by looking at
> RTMPT and a SSL reversed proxy. Unfortunately a
> SSL/TLS version of RTMPT does not seem to exist,
> unless RTMPS does also a secured version of RTMPT.
> And then there is the challenge to get the Flash app
> to use the SSL version of RTMPT. By closing port 1935
> RTMPT on 8088 is automatically used, but clear text.
>
> *sigh*
>
> BC
>
>
>
> On 01/28/13 21:01, Stephen Cottham wrote:
>
> Hey Bart,
>
> Are you using a self-signed certificate by chance?
>
> have you tried different browsers?
>
> Using self-signed certs we have seen problems like
> this in a few browsers before, (if your using
> Windows you can import the self-signed cert into
> the trusted repo and try again this has resolved
> some issues before)
>
> I don’t believe you need to set the path to the
> cert explicitly in red5-core.xml like you are
> saying below, I have this working on 2.0 and 2.1
> without issues (using a legit cert) and have had
> mixed results using a self-signed and had some
> issues with Mozilla and chrome using their sandbox
> with both.
>
> Best Regards
>
> *Stephen Cottham**
> *Group IT Manager (Associate)
>
> Robert Bird Group
> Level 5, 333 Ann St
> Brisbane, Queensland, 4000, Australia
>
> *Phone: +6173 319 2777 (AUS)*
>
> *Phone: +44207 633 2880 (UK)*
>
> *Fax: +6173 319 2799*
>
> *Mobile: +61400 756 963 (AUS)*
>
> *Mobile: +447900 918 616 (UK)*
>
> *Web: **www.robertbird.com*
> <http://www.robertbird.com/>
>
> <mime-attachment.gif> <http://www.robertbird.com.au/>
>
>
>
> This email and any attachments are confidential
> and may contain legally privileged information or
> copyright material. Unless expressly stated,
> confidentiality and/or legal privilege is not
> intended to be waived by the sending of this
> email. The contents of this email, including any
> attachments, are intended solely for the use of
> the individual or entity to whom they are
> addressed. If you are not an intended recipient,
> please contact us immediately by return email and
> then delete both messages. You may not otherwise
> read, forward, copy, use or disclose this email or
> any attachments. Any views expressed in this email
> are those of the individual sender except where
> the sender expressly, and with authority, states
> otherwise. It is your responsibility to check any
> attachments for viruses or defects before opening
> or sending them on. None of the sender or its
> related entities accepts any liability for any
> consequential damage resulting from this email
> containing computer viruses.
>
> <mime-attachment.png>
>
>
> Disclaimer added by *CodeTwo Exchange Rules*
> www.codetwo.com <http://www.codetwo.com>
>
> *From:*Bart Coninckx
> [mailto:bart.coninckx@telenet.be]
> *Sent:* 28 January 2013 19:42
> *To:* openmeetings-user@incubator.apache.org
> <ma...@incubator.apache.org>
> *Subject:* Re: RTMPS woes
>
> Well, it did seem to be an effect of the path: the
> error message disappeared once I changed
>
> <property name="keystoreFile" value="conf/keystore">
> into
> <property name="keystoreFile"
> value="/data/openmeetings/conf/keystore">
>
> in red5-core.xml
>
> This reflects the real path on my server. Some one
> might want to add this to the documentation.
>
> The situation now is like this gentleman describes:
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-500
>
> I can't shake the feeling the documentation is
> missing something ...
>
>
> BC
>
>
>
> On 01/28/13 00:49, Bart Coninckx wrote:
>
> One addition: I installed in
> /data/openmeetings, but I had this reflected
> in the init.d script that starts OpenMeetings.
> I hope that is OK?
>
> BC
>
> On 01/28/13 00:47, Bart Coninckx wrote:
>
> Hi all,
>
> been trying to get SSL rolling following
> the docs on
> http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>
>
> I doublechecked everything but conecting
> to the OM site produces a "try 1", "try 2"
> etc and ends in NetConnection.Connect.Failed
>
> The red5 console says:
>
> [WARN] [NioProcessor-19]
> org.red5.server.net.rtmps.RTMPSMinaIoHandler
> - Exception caught Keystore or password
> are null
>
> the keystore is in "RED5_HOME"/conf and
> the passwords works.
>
> While capturing the packets I see a lot on
> 443, so HTTPS seems OK and jsut a fiew on
> 5443, so my guess is that RTMPS has a problem.
>
>
> The only step I did not do in the docu was:
>
> 7. Create additional certificate as
> described above. Add this certificate to
> the following keystores:
> red5/conf/keystore.screen and
> red5/conf/keystore.
>
> as it is not very clear. Do you need to
> create a new CSR and next a new CRT?
> Because that makes no sense. Or do I need
> a new keystore named keystore.screen and
> import the same certificates?
>
> Thx for clarifying this,
>
> BC
>
>
>
>
>
> --
> WBR
> Maxim aka solomax
>
RE: RTMPS woes
Posted by Stephen Cottham <St...@robertbird.com.au>.
What version of Linux, Browser and Flash are you using?
From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 29 January 2013 14:29
To: Maxim Solodovnik
Cc: user
Subject: Re: RTMPS woes
One last thing I'd like to report: the RTMPS and HTTPS setup with an official certificat does NOT work for Flash under Linux.
It works fine on Windows however.
Thx,
BC
On 01/29/13 02:46, Maxim Solodovnik wrote:
great you have things working :)
the absolute path should not be necessary, relative works for me :)
On Tue, Jan 29, 2013 at 4:44 AM, Stephen Cottham <St...@robertbird.com.au> wrote:
Yes you can simply copy the keystore to keystore.screen that works fine.
Sent from my iPhone
On 28 Jan 2013, at 21:42, "Bart Coninckx" <ba...@telenet.be> wrote:
Thx Stephen,
I think I got it - I made a self signed certificate as mentionned on http://gregoire.org/2008/05/26/rtmps-in-red5/
Next I did the changes as described and restarted red5. I did a tcpdump on 5443 and I see packets going back and forth.
The next challenge is to replace the self signed cert by a wildcard Apache certificate I have lying around.
The docs mention doing the same for keystore.screen (apparently for screen sharing). What would keep me from simply copying keystore to keystore.screen?
Cheers,
BC
On 01/28/13 22:31, Stephen Cottham wrote:
OM 2.1 and 2.0 definitely works with SSL and RTMPS – I wouldn’t give up on trying to get that working at this stage, can you run the OM instance using this script
./Red5-debug.sh
Then can you see anything in the start-up that may shed some light on the issue?
Im assuming that your build works without SSL? So we can rule that out?
What distro are you running on?
You can check out the install guide here just to check each step:
https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
· Installing OM2.x On Debian64 - Headless
· Installing OM2.x On Ubuntu64 - Headless
· Installing OM2.x On Ubuntu64 - Headless - v12.10
The later section of the guides has the https and rtmps and some info on reverse proxy.
I will run thru the guide step by step tomo using my cert to confirm is still working as normal, I need to update the SVN links anyways.
Cheers
Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
Mobile: +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com <http://www.robertbird.com/>
<http://www.robertbird.com.au/>
This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.
Disclaimer added by CodeTwo Exchange Rules
www.codetwo.com
From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 28 January 2013 20:57
To: user@openmeetings.apache.org
Subject: Re: RTMPS woes
Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
Will do some morge digging into combining things with a reversed SSL proxy. I also saw pages using Stunnel, which is an ugly hack but if it works ...
BC
On 01/28/13 21:48, Bart Coninckx wrote:
Hi Stephen,
thx !
tried both self-signed and an official one. Tried just one browser as we standardize to that browser (Internet Explorer).
Getting RTMPS to work seems to be a daunting task.
I'm trying to get it to work differently by looking at RTMPT and a SSL reversed proxy. Unfortunately a SSL/TLS version of RTMPT does not seem to exist, unless RTMPS does also a secured version of RTMPT.
And then there is the challenge to get the Flash app to use the SSL version of RTMPT. By closing port 1935 RTMPT on 8088 is automatically used, but clear text.
*sigh*
BC
On 01/28/13 21:01, Stephen Cottham wrote:
Hey Bart,
Are you using a self-signed certificate by chance?
have you tried different browsers?
Using self-signed certs we have seen problems like this in a few browsers before, (if your using Windows you can import the self-signed cert into the trusted repo and try again this has resolved some issues before)
I don’t believe you need to set the path to the cert explicitly in red5-core.xml like you are saying below, I have this working on 2.0 and 2.1 without issues (using a legit cert) and have had mixed results using a self-signed and had some issues with Mozilla and chrome using their sandbox with both.
Best Regards
Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
Mobile: +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com <http://www.robertbird.com/>
<mime-attachment.gif> <http://www.robertbird.com.au/>
This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.
<mime-attachment.png>
Disclaimer added by CodeTwo Exchange Rules
www.codetwo.com
From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 28 January 2013 19:42
To: openmeetings-user@incubator.apache.org
Subject: Re: RTMPS woes
Well, it did seem to be an effect of the path: the error message disappeared once I changed
<property name="keystoreFile" value="conf/keystore">
into
<property name="keystoreFile" value="/data/openmeetings/conf/keystore">
in red5-core.xml
This reflects the real path on my server. Some one might want to add this to the documentation.
The situation now is like this gentleman describes:
https://issues.apache.org/jira/browse/OPENMEETINGS-500
I can't shake the feeling the documentation is missing something ...
BC
On 01/28/13 00:49, Bart Coninckx wrote:
One addition: I installed in /data/openmeetings, but I had this reflected in the init.d script that starts OpenMeetings. I hope that is OK?
BC
On 01/28/13 00:47, Bart Coninckx wrote:
Hi all,
been trying to get SSL rolling following the docs on http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
I doublechecked everything but conecting to the OM site produces a "try 1", "try 2" etc and ends in NetConnection.Connect.Failed
The red5 console says:
[WARN] [NioProcessor-19] org.red5.server.net.rtmps.RTMPSMinaIoHandler - Exception caught Keystore or password are null
the keystore is in "RED5_HOME"/conf and the passwords works.
While capturing the packets I see a lot on 443, so HTTPS seems OK and jsut a fiew on 5443, so my guess is that RTMPS has a problem.
The only step I did not do in the docu was:
7. Create additional certificate as described above. Add this certificate to the following keystores: red5/conf/keystore.screen and red5/conf/keystore.
as it is not very clear. Do you need to create a new CSR and next a new CRT? Because that makes no sense. Or do I need a new keystore named keystore.screen and import the same certificates?
Thx for clarifying this,
BC
--
WBR
Maxim aka solomax
Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
Mobile: +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com
This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.
Disclaimer added by CodeTwo Exchange Rules
http://www.codetwo.com
Re: RTMPS woes
Posted by Bart Coninckx <ba...@telenet.be>.
One last thing I'd like to report: the RTMPS and HTTPS setup with an
official certificat does NOT work for Flash under Linux.
It works fine on Windows however.
Thx,
BC
On 01/29/13 02:46, Maxim Solodovnik wrote:
> great you have things working :)
> the absolute path should not be necessary, relative works for me :)
>
>
> On Tue, Jan 29, 2013 at 4:44 AM, Stephen Cottham
> <Stephen.Cottham@robertbird.com.au
> <ma...@robertbird.com.au>> wrote:
>
> Yes you can simply copy the keystore to keystore.screen that works
> fine.
>
> Sent from my iPhone
>
> On 28 Jan 2013, at 21:42, "Bart Coninckx"
> <bart.coninckx@telenet.be <ma...@telenet.be>> wrote:
>
>> Thx Stephen,
>>
>> I think I got it - I made a self signed certificate as mentionned
>> on http://gregoire.org/2008/05/26/rtmps-in-red5/
>>
>> Next I did the changes as described and restarted red5. I did a
>> tcpdump on 5443 and I see packets going back and forth.
>>
>> The next challenge is to replace the self signed cert by a
>> wildcard Apache certificate I have lying around.
>>
>> The docs mention doing the same for keystore.screen (apparently
>> for screen sharing). What would keep me from simply copying
>> keystore to keystore.screen?
>>
>>
>> Cheers,
>> BC
>>
>>
>>
>> On 01/28/13 22:31, Stephen Cottham wrote:
>>>
>>> OM 2.1 and 2.0 definitely works with SSL and RTMPS – I wouldn’t
>>> give up on trying to get that working at this stage, can you run
>>> the OM instance using this script
>>>
>>> ./Red5-debug.sh
>>>
>>> Then can you see anything in the start-up that may shed some
>>> light on the issue?
>>>
>>> Im assuming that your build works without SSL? So we can rule
>>> that out?
>>>
>>> What distro are you running on?
>>>
>>> You can check out the install guide here just to check each step:
>>>
>>> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>>>
>>> ·Installing OM2.x On Debian64 - Headless
>>>
>>> ·Installing OM2.x On Ubuntu64 - Headless
>>>
>>> ·Installing OM2.x On Ubuntu64 - Headless - v12.10
>>>
>>> The later section of the guides has the https and rtmps and some
>>> info on reverse proxy.
>>>
>>> I will run thru the guide step by step tomo using my cert to
>>> confirm is still working as normal, I need to update the SVN
>>> links anyways.
>>>
>>> Cheers
>>>
>>> *Stephen Cottham*
>>>
>>> *
>>> *Group IT Manager (Associate)
>>>
>>> Robert Bird Group
>>> Level 5, 333 Ann St
>>> Brisbane, Queensland, 4000, Australia
>>>
>>> *Phone: +6173 319 2777 (AUS)*
>>>
>>> *Phone: +44207 633 2880 (UK)*
>>>
>>> *Fax: +6173 319 2799*
>>>
>>> **
>>>
>>> *Mobile: +61400 756 963 (AUS)*
>>>
>>> *Mobile: +447900 918 616 (UK)*
>>>
>>> *Web: **www.robertbird.com* <http://www.robertbird.com/>
>>>
>>> <http://www.robertbird.com.au/><http://www.robertbird.com.au/>
>>>
>>> This email and any attachments are confidential and may contain
>>> legally privileged information or copyright material. Unless
>>> expressly stated, confidentiality and/or legal privilege is not
>>> intended to be waived by the sending of this email. The contents
>>> of this email, including any attachments, are intended solely
>>> for the use of the individual or entity to whom they are
>>> addressed. If you are not an intended recipient, please contact
>>> us immediately by return email and then delete both messages.
>>> You may not otherwise read, forward, copy, use or disclose this
>>> email or any attachments. Any views expressed in this email are
>>> those of the individual sender except where the sender
>>> expressly, and with authority, states otherwise. It is your
>>> responsibility to check any attachments for viruses or defects
>>> before opening or sending them on. None of the sender or its
>>> related entities accepts any liability for any consequential
>>> damage resulting from this email containing computer viruses.
>>>
>>>
>>> Disclaimer added by *CodeTwo Exchange Rules*
>>> www.codetwo.com <http://www.codetwo.com>
>>>
>>> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>>> *Sent:* 28 January 2013 20:57
>>> *To:* user@openmeetings.apache.org
>>> <ma...@openmeetings.apache.org>
>>> *Subject:* Re: RTMPS woes
>>>
>>> Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
>>>
>>> Will do some morge digging into combining things with a reversed
>>> SSL proxy. I also saw pages using Stunnel, which is an ugly hack
>>> but if it works ...
>>>
>>>
>>> BC
>>>
>>>
>>> On 01/28/13 21:48, Bart Coninckx wrote:
>>>
>>> Hi Stephen,
>>>
>>> thx !
>>>
>>> tried both self-signed and an official one. Tried just one
>>> browser as we standardize to that browser (Internet Explorer).
>>> Getting RTMPS to work seems to be a daunting task.
>>> I'm trying to get it to work differently by looking at RTMPT
>>> and a SSL reversed proxy. Unfortunately a SSL/TLS version of
>>> RTMPT does not seem to exist, unless RTMPS does also a
>>> secured version of RTMPT.
>>> And then there is the challenge to get the Flash app to use
>>> the SSL version of RTMPT. By closing port 1935 RTMPT on 8088
>>> is automatically used, but clear text.
>>>
>>> *sigh*
>>>
>>> BC
>>>
>>>
>>>
>>> On 01/28/13 21:01, Stephen Cottham wrote:
>>>
>>> Hey Bart,
>>>
>>> Are you using a self-signed certificate by chance?
>>>
>>> have you tried different browsers?
>>>
>>> Using self-signed certs we have seen problems like this
>>> in a few browsers before, (if your using Windows you can
>>> import the self-signed cert into the trusted repo and
>>> try again this has resolved some issues before)
>>>
>>> I don’t believe you need to set the path to the cert
>>> explicitly in red5-core.xml like you are saying below, I
>>> have this working on 2.0 and 2.1 without issues (using a
>>> legit cert) and have had mixed results using a
>>> self-signed and had some issues with Mozilla and chrome
>>> using their sandbox with both.
>>>
>>> Best Regards
>>>
>>> *Stephen Cottham**
>>> *Group IT Manager (Associate)
>>>
>>> Robert Bird Group
>>> Level 5, 333 Ann St
>>> Brisbane, Queensland, 4000, Australia
>>>
>>> *Phone: +6173 319 2777 (AUS)*
>>>
>>> *Phone: +44207 633 2880 (UK)*
>>>
>>> *Fax: +6173 319 2799*
>>>
>>> *Mobile: +61400 756 963 (AUS)*
>>>
>>> *Mobile: +447900 918 616 (UK)*
>>>
>>> *Web: **www.robertbird.com* <http://www.robertbird.com/>
>>>
>>> <mime-attachment.gif> <http://www.robertbird.com.au/>
>>>
>>>
>>>
>>> This email and any attachments are confidential and may
>>> contain legally privileged information or copyright
>>> material. Unless expressly stated, confidentiality
>>> and/or legal privilege is not intended to be waived by
>>> the sending of this email. The contents of this email,
>>> including any attachments, are intended solely for the
>>> use of the individual or entity to whom they are
>>> addressed. If you are not an intended recipient, please
>>> contact us immediately by return email and then delete
>>> both messages. You may not otherwise read, forward,
>>> copy, use or disclose this email or any attachments. Any
>>> views expressed in this email are those of the
>>> individual sender except where the sender expressly, and
>>> with authority, states otherwise. It is your
>>> responsibility to check any attachments for viruses or
>>> defects before opening or sending them on. None of the
>>> sender or its related entities accepts any liability for
>>> any consequential damage resulting from this email
>>> containing computer viruses.
>>>
>>> <mime-attachment.png>
>>>
>>>
>>> Disclaimer added by *CodeTwo Exchange Rules*
>>> www.codetwo.com <http://www.codetwo.com>
>>>
>>> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>>> *Sent:* 28 January 2013 19:42
>>> *To:* openmeetings-user@incubator.apache.org
>>> <ma...@incubator.apache.org>
>>> *Subject:* Re: RTMPS woes
>>>
>>> Well, it did seem to be an effect of the path: the error
>>> message disappeared once I changed
>>>
>>> <property name="keystoreFile" value="conf/keystore">
>>> into
>>> <property name="keystoreFile"
>>> value="/data/openmeetings/conf/keystore">
>>>
>>> in red5-core.xml
>>>
>>> This reflects the real path on my server. Some one might
>>> want to add this to the documentation.
>>>
>>> The situation now is like this gentleman describes:
>>>
>>> https://issues.apache.org/jira/browse/OPENMEETINGS-500
>>>
>>> I can't shake the feeling the documentation is missing
>>> something ...
>>>
>>>
>>> BC
>>>
>>>
>>>
>>> On 01/28/13 00:49, Bart Coninckx wrote:
>>>
>>> One addition: I installed in /data/openmeetings, but
>>> I had this reflected in the init.d script that
>>> starts OpenMeetings. I hope that is OK?
>>>
>>> BC
>>>
>>> On 01/28/13 00:47, Bart Coninckx wrote:
>>>
>>> Hi all,
>>>
>>> been trying to get SSL rolling following the
>>> docs on
>>> http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>>>
>>>
>>> I doublechecked everything but conecting to the
>>> OM site produces a "try 1", "try 2" etc and ends
>>> in NetConnection.Connect.Failed
>>>
>>> The red5 console says:
>>>
>>> [WARN] [NioProcessor-19]
>>> org.red5.server.net.rtmps.RTMPSMinaIoHandler -
>>> Exception caught Keystore or password are null
>>>
>>> the keystore is in "RED5_HOME"/conf and the
>>> passwords works.
>>>
>>> While capturing the packets I see a lot on 443,
>>> so HTTPS seems OK and jsut a fiew on 5443, so my
>>> guess is that RTMPS has a problem.
>>>
>>>
>>> The only step I did not do in the docu was:
>>>
>>> 7. Create additional certificate as described
>>> above. Add this certificate to the following
>>> keystores: red5/conf/keystore.screen and
>>> red5/conf/keystore.
>>>
>>> as it is not very clear. Do you need to create a
>>> new CSR and next a new CRT? Because that makes
>>> no sense. Or do I need a new keystore named
>>> keystore.screen and import the same certificates?
>>>
>>> Thx for clarifying this,
>>>
>>> BC
>>>
>>>
>>>
>>>
>>
>
>
>
> --
> WBR
> Maxim aka solomax
Re: RTMPS woes
Posted by Maxim Solodovnik <so...@gmail.com>.
great you have things working :)
the absolute path should not be necessary, relative works for me :)
On Tue, Jan 29, 2013 at 4:44 AM, Stephen Cottham <
Stephen.Cottham@robertbird.com.au> wrote:
> Yes you can simply copy the keystore to keystore.screen that works fine.
>
> Sent from my iPhone
>
> On 28 Jan 2013, at 21:42, "Bart Coninckx" <ba...@telenet.be>
> wrote:
>
> Thx Stephen,
>
> I think I got it - I made a self signed certificate as mentionned on
> http://gregoire.org/2008/05/26/rtmps-in-red5/
>
> Next I did the changes as described and restarted red5. I did a tcpdump
> on 5443 and I see packets going back and forth.
>
> The next challenge is to replace the self signed cert by a wildcard Apache
> certificate I have lying around.
>
> The docs mention doing the same for keystore.screen (apparently for screen
> sharing). What would keep me from simply copying keystore to
> keystore.screen?
>
>
> Cheers,
> BC
>
>
>
> On 01/28/13 22:31, Stephen Cottham wrote:
>
> OM 2.1 and 2.0 definitely works with SSL and RTMPS – I wouldn’t give up
> on trying to get that working at this stage, can you run the OM instance
> using this script****
>
> ** **
>
> ./Red5-debug.sh****
>
> ** **
>
> Then can you see anything in the start-up that may shed some light on the
> issue?****
>
> ** **
>
> Im assuming that your build works without SSL? So we can rule that out?***
> *
>
> ** **
>
> What distro are you running on?****
>
> ** **
>
> You can check out the install guide here just to check each step:****
>
> ** **
>
>
> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
> ****
>
> ** **
>
> · Installing OM2.x On Debian64 - Headless****
>
> · Installing OM2.x On Ubuntu64 - Headless****
>
> · Installing OM2.x On Ubuntu64 - Headless - v12.10****
>
> ** **
>
> The later section of the guides has the https and rtmps and some info on
> reverse proxy. ****
>
> ** **
>
> I will run thru the guide step by step tomo using my cert to confirm is
> still working as normal, I need to update the SVN links anyways.****
>
> ** **
>
> Cheers****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> *Stephen Cottham*
> *
> *Group IT Manager (Associate)
>
> Robert Bird Group
> Level 5, 333 Ann St
> Brisbane, Queensland, 4000, Australia****
>
> *Phone: +6173 319 2777 (AUS)*
>
> *Phone: +44207 633 2880 (UK)*****
>
> *Fax: +6173 319 2799*
>
> ******
>
> *Mobile: +61400 756 963 (AUS)*
>
> *Mobile: +447900 918 616 (UK)*
>
> *Web: **www.robertbird.com* <http://www.robertbird.com/>****
>
> ********************************************************************<http://www.robertbird.com.au/><http://www.robertbird.com.au/>
>
> This email and any attachments are confidential and may contain legally
> privileged information or copyright material. Unless expressly stated,
> confidentiality and/or legal privilege is not intended to be waived by the
> sending of this email. The contents of this email, including any
> attachments, are intended solely for the use of the individual or entity to
> whom they are addressed. If you are not an intended recipient, please
> contact us immediately by return email and then delete both messages. You
> may not otherwise read, forward, copy, use or disclose this email or any
> attachments. Any views expressed in this email are those of the individual
> sender except where the sender expressly, and with authority, states
> otherwise. It is your responsibility to check any attachments for viruses
> or defects before opening or sending them on. None of the sender or its
> related entities accepts any liability for any consequential damage
> resulting from this email containing computer viruses.
>
>
> Disclaimer added by *CodeTwo Exchange Rules*
> www.codetwo.com
>
> *From:* Bart Coninckx [mailto:bart.coninckx@telenet.be<ba...@telenet.be>]
>
> *Sent:* 28 January 2013 20:57
> *To:* user@openmeetings.apache.org
> *Subject:* Re: RTMPS woes****
>
> ** **
>
> Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
>
> Will do some morge digging into combining things with a reversed SSL
> proxy. I also saw pages using Stunnel, which is an ugly hack but if it
> works ...
>
>
> BC
>
>
> On 01/28/13 21:48, Bart Coninckx wrote:****
>
> Hi Stephen,
>
> thx !
>
> tried both self-signed and an official one. Tried just one browser as we
> standardize to that browser (Internet Explorer).
> Getting RTMPS to work seems to be a daunting task.
> I'm trying to get it to work differently by looking at RTMPT and a SSL
> reversed proxy. Unfortunately a SSL/TLS version of RTMPT does not seem to
> exist, unless RTMPS does also a secured version of RTMPT.
> And then there is the challenge to get the Flash app to use the SSL
> version of RTMPT. By closing port 1935 RTMPT on 8088 is automatically used,
> but clear text.
>
> *sigh*
>
> BC
>
>
>
> On 01/28/13 21:01, Stephen Cottham wrote:****
>
> Hey Bart,****
>
> ****
>
> Are you using a self-signed certificate by chance?****
>
> ****
>
> have you tried different browsers? ****
>
> ****
>
> Using self-signed certs we have seen problems like this in a few browsers
> before, (if your using Windows you can import the self-signed cert into the
> trusted repo and try again this has resolved some issues before)****
>
> ****
>
> I don’t believe you need to set the path to the cert explicitly in
> red5-core.xml like you are saying below, I have this working on 2.0 and 2.1
> without issues (using a legit cert) and have had mixed results using a
> self-signed and had some issues with Mozilla and chrome using their sandbox
> with both.****
>
> ****
>
> ****
>
> Best Regards****
>
> ****
>
> ****
>
> *Stephen Cottham**
> *Group IT Manager (Associate)
>
> Robert Bird Group
> Level 5, 333 Ann St
> Brisbane, Queensland, 4000, Australia****
>
> *Phone: +6173 319 2777 (AUS)*****
>
> *Phone: +44207 633 2880 (UK)*****
>
> *Fax: +6173 319 2799*****
>
> ****
>
> *Mobile: +61400 756 963 (AUS)*****
>
> *Mobile: +447900 918 616 (UK)*****
>
> *Web: **www.robertbird.com* <http://www.robertbird.com/>****
>
> <mime-attachment.gif> <http://www.robertbird.com.au/>
>
>
> This email and any attachments are confidential and may contain legally
> privileged information or copyright material. Unless expressly stated,
> confidentiality and/or legal privilege is not intended to be waived by the
> sending of this email. The contents of this email, including any
> attachments, are intended solely for the use of the individual or entity to
> whom they are addressed. If you are not an intended recipient, please
> contact us immediately by return email and then delete both messages. You
> may not otherwise read, forward, copy, use or disclose this email or any
> attachments. Any views expressed in this email are those of the individual
> sender except where the sender expressly, and with authority, states
> otherwise. It is your responsibility to check any attachments for viruses
> or defects before opening or sending them on. None of the sender or its
> related entities accepts any liability for any consequential damage
> resulting from this email containing computer viruses. ****
>
> <mime-attachment.png>****
>
>
> Disclaimer added by *CodeTwo Exchange Rules*
> www.codetwo.com****
>
> ** **
>
> *From:* Bart Coninckx [mailto:bart.coninckx@telenet.be<ba...@telenet.be>]
>
> *Sent:* 28 January 2013 19:42
> *To:* openmeetings-user@incubator.apache.org
> *Subject:* Re: RTMPS woes****
>
> ****
>
> Well, it did seem to be an effect of the path: the error message
> disappeared once I changed
>
> <property name="keystoreFile" value="conf/keystore">
> into
> <property name="keystoreFile" value="/data/openmeetings/conf/keystore">
>
> in red5-core.xml
>
> This reflects the real path on my server. Some one might want to add this
> to the documentation.
>
> The situation now is like this gentleman describes:
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-500
>
> I can't shake the feeling the documentation is missing something ...
>
>
> BC
>
>
>
> On 01/28/13 00:49, Bart Coninckx wrote:****
>
> One addition: I installed in /data/openmeetings, but I had this
> reflected in the init.d script that starts OpenMeetings. I hope that is OK?
>
> BC
>
> On 01/28/13 00:47, Bart Coninckx wrote:****
>
> Hi all,
>
> been trying to get SSL rolling following the docs on
> http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>
> I doublechecked everything but conecting to the OM site produces a "try
> 1", "try 2" etc and ends in NetConnection.Connect.Failed
>
> The red5 console says:
>
> [WARN] [NioProcessor-19] org.red5.server.net.rtmps.RTMPSMinaIoHandler -
> Exception caught Keystore or password are null
>
> the keystore is in "RED5_HOME"/conf and the passwords works.
>
> While capturing the packets I see a lot on 443, so HTTPS seems OK and jsut
> a fiew on 5443, so my guess is that RTMPS has a problem.
>
>
> The only step I did not do in the docu was:
>
> 7. Create additional certificate as described above. Add this certificate
> to the following keystores: red5/conf/keystore.screen and
> red5/conf/keystore.
>
> as it is not very clear. Do you need to create a new CSR and next a new
> CRT? Because that makes no sense. Or do I need a new keystore named
> keystore.screen and import the same certificates?
>
> Thx for clarifying this,
>
> BC
>
>
>
>
> ****
>
> ****
>
> ****
>
> ** **
>
> ** **
>
>
>
--
WBR
Maxim aka solomax
Re: RTMPS woes
Posted by Stephen Cottham <St...@robertbird.com.au>.
Yes you can simply copy the keystore to keystore.screen that works fine.
Sent from my iPhone
On 28 Jan 2013, at 21:42, "Bart Coninckx" <ba...@telenet.be> wrote:
> Thx Stephen,
>
> I think I got it - I made a self signed certificate as mentionned on http://gregoire.org/2008/05/26/rtmps-in-red5/
>
> Next I did the changes as described and restarted red5. I did a tcpdump on 5443 and I see packets going back and forth.
>
> The next challenge is to replace the self signed cert by a wildcard Apache certificate I have lying around.
>
> The docs mention doing the same for keystore.screen (apparently for screen sharing). What would keep me from simply copying keystore to keystore.screen?
>
>
> Cheers,
> BC
>
>
>
> On 01/28/13 22:31, Stephen Cottham wrote:
>> OM 2.1 and 2.0 definitely works with SSL and RTMPS – I wouldn’t give up on trying to get that working at this stage, can you run the OM instance using this script
>>
>> ./Red5-debug.sh
>>
>> Then can you see anything in the start-up that may shed some light on the issue?
>>
>> Im assuming that your build works without SSL? So we can rule that out?
>>
>> What distro are you running on?
>>
>> You can check out the install guide here just to check each step:
>>
>> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>>
>> · Installing OM2.x On Debian64 - Headless
>> · Installing OM2.x On Ubuntu64 - Headless
>> · Installing OM2.x On Ubuntu64 - Headless - v12.10
>>
>> The later section of the guides has the https and rtmps and some info on reverse proxy.
>>
>> I will run thru the guide step by step tomo using my cert to confirm is still working as normal, I need to update the SVN links anyways.
>>
>> Cheers
>>
>>
>>
>>
>>
>> From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
>> Sent: 28 January 2013 20:57
>> To: user@openmeetings.apache.org
>> Subject: Re: RTMPS woes
>>
>> Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
>>
>> Will do some morge digging into combining things with a reversed SSL proxy. I also saw pages using Stunnel, which is an ugly hack but if it works ...
>>
>>
>> BC
>>
>>
>> On 01/28/13 21:48, Bart Coninckx wrote:
>> Hi Stephen,
>>
>> thx !
>>
>> tried both self-signed and an official one. Tried just one browser as we standardize to that browser (Internet Explorer).
>> Getting RTMPS to work seems to be a daunting task.
>> I'm trying to get it to work differently by looking at RTMPT and a SSL reversed proxy. Unfortunately a SSL/TLS version of RTMPT does not seem to exist, unless RTMPS does also a secured version of RTMPT.
>> And then there is the challenge to get the Flash app to use the SSL version of RTMPT. By closing port 1935 RTMPT on 8088 is automatically used, but clear text.
>>
>> *sigh*
>>
>> BC
>>
>>
>>
>> On 01/28/13 21:01, Stephen Cottham wrote:
>> Hey Bart,
>>
>> Are you using a self-signed certificate by chance?
>>
>> have you tried different browsers?
>>
>> Using self-signed certs we have seen problems like this in a few browsers before, (if your using Windows you can import the self-signed cert into the trusted repo and try again this has resolved some issues before)
>>
>> I don’t believe you need to set the path to the cert explicitly in red5-core.xml like you are saying below, I have this working on 2.0 and 2.1 without issues (using a legit cert) and have had mixed results using a self-signed and had some issues with Mozilla and chrome using their sandbox with both.
>>
>>
>> Best Regards
>>
>>
>> Stephen Cottham
>> Group IT Manager (Associate)
>>
>> Robert Bird Group
>> Level 5, 333 Ann St
>> Brisbane, Queensland, 4000, Australia
>> Phone: +6173 319 2777 (AUS)
>> Phone: +44207 633 2880 (UK)
>> Fax: +6173 319 2799
>>
>> Mobile: +61400 756 963 (AUS)
>> Mobile: +447900 918 616 (UK)
>> Web: www.robertbird.com
>>
>> <mime-attachment.gif>
>>
>> This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.
>>
>> <mime-attachment.png>
>>
>>
>> Disclaimer added by CodeTwo Exchange Rules
>> www.codetwo.com
>>
>> From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
>> Sent: 28 January 2013 19:42
>> To: openmeetings-user@incubator.apache.org
>> Subject: Re: RTMPS woes
>>
>> Well, it did seem to be an effect of the path: the error message disappeared once I changed
>>
>> <property name="keystoreFile" value="conf/keystore">
>> into
>> <property name="keystoreFile" value="/data/openmeetings/conf/keystore">
>>
>> in red5-core.xml
>>
>> This reflects the real path on my server. Some one might want to add this to the documentation.
>>
>> The situation now is like this gentleman describes:
>>
>> https://issues.apache.org/jira/browse/OPENMEETINGS-500
>>
>> I can't shake the feeling the documentation is missing something ...
>>
>>
>> BC
>>
>>
>>
>> On 01/28/13 00:49, Bart Coninckx wrote:
>> One addition: I installed in /data/openmeetings, but I had this reflected in the init.d script that starts OpenMeetings. I hope that is OK?
>>
>> BC
>>
>> On 01/28/13 00:47, Bart Coninckx wrote:
>> Hi all,
>>
>> been trying to get SSL rolling following the docs on http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>>
>> I doublechecked everything but conecting to the OM site produces a "try 1", "try 2" etc and ends in NetConnection.Connect.Failed
>>
>> The red5 console says:
>>
>> [WARN] [NioProcessor-19] org.red5.server.net.rtmps.RTMPSMinaIoHandler - Exception caught Keystore or password are null
>>
>> the keystore is in "RED5_HOME"/conf and the passwords works.
>>
>> While capturing the packets I see a lot on 443, so HTTPS seems OK and jsut a fiew on 5443, so my guess is that RTMPS has a problem.
>>
>>
>> The only step I did not do in the docu was:
>>
>> 7. Create additional certificate as described above. Add this certificate to the following keystores: red5/conf/keystore.screen and red5/conf/keystore.
>>
>> as it is not very clear. Do you need to create a new CSR and next a new CRT? Because that makes no sense. Or do I need a new keystore named keystore.screen and import the same certificates?
>>
>> Thx for clarifying this,
>>
>> BC
>
Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
Mobile: +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com
This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.
Disclaimer added by CodeTwo Exchange Rules
http://www.codetwo.com
Re: RTMPS woes
Posted by Bart Coninckx <ba...@telenet.be>.
Thx Stephen,
I think I got it - I made a self signed certificate as mentionned on
http://gregoire.org/2008/05/26/rtmps-in-red5/
Next I did the changes as described and restarted red5. I did a tcpdump
on 5443 and I see packets going back and forth.
The next challenge is to replace the self signed cert by a wildcard
Apache certificate I have lying around.
The docs mention doing the same for keystore.screen (apparently for
screen sharing). What would keep me from simply copying keystore to
keystore.screen?
Cheers,
BC
On 01/28/13 22:31, Stephen Cottham wrote:
>
> OM 2.1 and 2.0 definitely works with SSL and RTMPS -- I wouldn't give
> up on trying to get that working at this stage, can you run the OM
> instance using this script
>
> ./Red5-debug.sh
>
> Then can you see anything in the start-up that may shed some light on
> the issue?
>
> Im assuming that your build works without SSL? So we can rule that out?
>
> What distro are you running on?
>
> You can check out the install guide here just to check each step:
>
> https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
>
> ·Installing OM2.x On Debian64 - Headless
>
> ·Installing OM2.x On Ubuntu64 - Headless
>
> ·Installing OM2.x On Ubuntu64 - Headless - v12.10
>
> The later section of the guides has the https and rtmps and some info
> on reverse proxy.
>
> I will run thru the guide step by step tomo using my cert to confirm
> is still working as normal, I need to update the SVN links anyways.
>
> Cheers
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 28 January 2013 20:57
> *To:* user@openmeetings.apache.org
> *Subject:* Re: RTMPS woes
>
> Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
>
> Will do some morge digging into combining things with a reversed SSL
> proxy. I also saw pages using Stunnel, which is an ugly hack but if it
> works ...
>
>
> BC
>
>
> On 01/28/13 21:48, Bart Coninckx wrote:
>
> Hi Stephen,
>
> thx !
>
> tried both self-signed and an official one. Tried just one browser
> as we standardize to that browser (Internet Explorer).
> Getting RTMPS to work seems to be a daunting task.
> I'm trying to get it to work differently by looking at RTMPT and a
> SSL reversed proxy. Unfortunately a SSL/TLS version of RTMPT does
> not seem to exist, unless RTMPS does also a secured version of RTMPT.
> And then there is the challenge to get the Flash app to use the
> SSL version of RTMPT. By closing port 1935 RTMPT on 8088 is
> automatically used, but clear text.
>
> *sigh*
>
> BC
>
>
>
> On 01/28/13 21:01, Stephen Cottham wrote:
>
> Hey Bart,
>
> Are you using a self-signed certificate by chance?
>
> have you tried different browsers?
>
> Using self-signed certs we have seen problems like this in a
> few browsers before, (if your using Windows you can import the
> self-signed cert into the trusted repo and try again this has
> resolved some issues before)
>
> I don't believe you need to set the path to the cert
> explicitly in red5-core.xml like you are saying below, I have
> this working on 2.0 and 2.1 without issues (using a legit
> cert) and have had mixed results using a self-signed and had
> some issues with Mozilla and chrome using their sandbox with both.
>
> Best Regards
>
> *Stephen Cottham**
> *Group IT Manager (Associate)
>
> Robert Bird Group
> Level 5, 333 Ann St
> Brisbane, Queensland, 4000, Australia
>
> *Phone: +6173 319 2777 (AUS)*
>
> *Phone: +44207 633 2880 (UK)*
>
> *Fax: +6173 319 2799*
>
> *Mobile: +61400 756 963 (AUS)*
>
> *Mobile: +447900 918 616 (UK)*
>
> *Web: **www.robertbird.com* <http://www.robertbird.com/>
>
> <http://www.robertbird.com.au/>
>
> This email and any attachments are confidential and may
> contain legally privileged information or copyright material.
> Unless expressly stated, confidentiality and/or legal
> privilege is not intended to be waived by the sending of this
> email. The contents of this email, including any attachments,
> are intended solely for the use of the individual or entity to
> whom they are addressed. If you are not an intended recipient,
> please contact us immediately by return email and then delete
> both messages. You may not otherwise read, forward, copy, use
> or disclose this email or any attachments. Any views expressed
> in this email are those of the individual sender except where
> the sender expressly, and with authority, states otherwise. It
> is your responsibility to check any attachments for viruses or
> defects before opening or sending them on. None of the sender
> or its related entities accepts any liability for any
> consequential damage resulting from this email containing
> computer viruses.
>
>
> Disclaimer added by *CodeTwo Exchange Rules*
> www.codetwo.com <http://www.codetwo.com>
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 28 January 2013 19:42
> *To:* openmeetings-user@incubator.apache.org
> <ma...@incubator.apache.org>
> *Subject:* Re: RTMPS woes
>
> Well, it did seem to be an effect of the path: the error
> message disappeared once I changed
>
> <property name="keystoreFile" value="conf/keystore">
> into
> <property name="keystoreFile"
> value="/data/openmeetings/conf/keystore">
>
> in red5-core.xml
>
> This reflects the real path on my server. Some one might want
> to add this to the documentation.
>
> The situation now is like this gentleman describes:
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-500
>
> I can't shake the feeling the documentation is missing
> something ...
>
>
> BC
>
>
>
> On 01/28/13 00:49, Bart Coninckx wrote:
>
> One addition: I installed in /data/openmeetings, but I had
> this reflected in the init.d script that starts
> OpenMeetings. I hope that is OK?
>
> BC
>
> On 01/28/13 00:47, Bart Coninckx wrote:
>
> Hi all,
>
> been trying to get SSL rolling following the docs on
> http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>
>
> I doublechecked everything but conecting to the OM
> site produces a "try 1", "try 2" etc and ends in
> NetConnection.Connect.Failed
>
> The red5 console says:
>
> [WARN] [NioProcessor-19]
> org.red5.server.net.rtmps.RTMPSMinaIoHandler -
> Exception caught Keystore or password are null
>
> the keystore is in "RED5_HOME"/conf and the passwords
> works.
>
> While capturing the packets I see a lot on 443, so
> HTTPS seems OK and jsut a fiew on 5443, so my guess is
> that RTMPS has a problem.
>
>
> The only step I did not do in the docu was:
>
> 7. Create additional certificate as described above.
> Add this certificate to the following keystores:
> red5/conf/keystore.screen and red5/conf/keystore.
>
> as it is not very clear. Do you need to create a new
> CSR and next a new CRT? Because that makes no sense.
> Or do I need a new keystore named keystore.screen and
> import the same certificates?
>
> Thx for clarifying this,
>
> BC
>
>
>
>
RE: RTMPS woes
Posted by Stephen Cottham <St...@robertbird.com.au>.
OM 2.1 and 2.0 definitely works with SSL and RTMPS - I wouldn't give up
on trying to get that working at this stage, can you run the OM instance
using this script
./Red5-debug.sh
Then can you see anything in the start-up that may shed some light on
the issue?
Im assuming that your build works without SSL? So we can rule that out?
What distro are you running on?
You can check out the install guide here just to check each step:
https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+i
nstalling+OpenMeetings+and+Tools
* Installing OM2.x On Debian64 - Headless
* Installing OM2.x On Ubuntu64 - Headless
* Installing OM2.x On Ubuntu64 - Headless - v12.10
The later section of the guides has the https and rtmps and some info on
reverse proxy.
I will run thru the guide step by step tomo using my cert to confirm is
still working as normal, I need to update the SVN links anyways.
Cheers
From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 28 January 2013 20:57
To: user@openmeetings.apache.org
Subject: Re: RTMPS woes
Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
Will do some morge digging into combining things with a reversed SSL
proxy. I also saw pages using Stunnel, which is an ugly hack but if it
works ...
BC
On 01/28/13 21:48, Bart Coninckx wrote:
Hi Stephen,
thx !
tried both self-signed and an official one. Tried just one
browser as we standardize to that browser (Internet Explorer).
Getting RTMPS to work seems to be a daunting task.
I'm trying to get it to work differently by looking at RTMPT and
a SSL reversed proxy. Unfortunately a SSL/TLS version of RTMPT does not
seem to exist, unless RTMPS does also a secured version of RTMPT.
And then there is the challenge to get the Flash app to use the
SSL version of RTMPT. By closing port 1935 RTMPT on 8088 is
automatically used, but clear text.
*sigh*
BC
On 01/28/13 21:01, Stephen Cottham wrote:
Hey Bart,
Are you using a self-signed certificate by chance?
have you tried different browsers?
Using self-signed certs we have seen problems like this
in a few browsers before, (if your using Windows you can import the
self-signed cert into the trusted repo and try again this has resolved
some issues before)
I don't believe you need to set the path to the cert
explicitly in red5-core.xml like you are saying below, I have this
working on 2.0 and 2.1 without issues (using a legit cert) and have had
mixed results using a self-signed and had some issues with Mozilla and
chrome using their sandbox with both.
Best Regards
Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
Mobile: +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com <http://www.robertbird.com/>
<http://www.robertbird.com.au/>
This email and any attachments are confidential and may
contain legally privileged information or copyright material. Unless
expressly stated, confidentiality and/or legal privilege is not intended
to be waived by the sending of this email. The contents of this email,
including any attachments, are intended solely for the use of the
individual or entity to whom they are addressed. If you are not an
intended recipient, please contact us immediately by return email and
then delete both messages. You may not otherwise read, forward, copy,
use or disclose this email or any attachments. Any views expressed in
this email are those of the individual sender except where the sender
expressly, and with authority, states otherwise. It is your
responsibility to check any attachments for viruses or defects before
opening or sending them on. None of the sender or its related entities
accepts any liability for any consequential damage resulting from this
email containing computer viruses.
Disclaimer added by CodeTwo Exchange Rules
www.codetwo.com
From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 28 January 2013 19:42
To: openmeetings-user@incubator.apache.org
Subject: Re: RTMPS woes
Well, it did seem to be an effect of the path: the error
message disappeared once I changed
<property name="keystoreFile" value="conf/keystore">
into
<property name="keystoreFile"
value="/data/openmeetings/conf/keystore">
in red5-core.xml
This reflects the real path on my server. Some one might
want to add this to the documentation.
The situation now is like this gentleman describes:
https://issues.apache.org/jira/browse/OPENMEETINGS-500
I can't shake the feeling the documentation is missing
something ...
BC
On 01/28/13 00:49, Bart Coninckx wrote:
One addition: I installed in /data/openmeetings,
but I had this reflected in the init.d script that starts OpenMeetings.
I hope that is OK?
BC
On 01/28/13 00:47, Bart Coninckx wrote:
Hi all,
been trying to get SSL rolling following
the docs on http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
I doublechecked everything but conecting
to the OM site produces a "try 1", "try 2" etc and ends in
NetConnection.Connect.Failed
The red5 console says:
[WARN] [NioProcessor-19]
org.red5.server.net.rtmps.RTMPSMinaIoHandler - Exception caught Keystore
or password are null
the keystore is in "RED5_HOME"/conf and
the passwords works.
While capturing the packets I see a lot
on 443, so HTTPS seems OK and jsut a fiew on 5443, so my guess is that
RTMPS has a problem.
The only step I did not do in the docu
was:
7. Create additional certificate as
described above. Add this certificate to the following keystores:
red5/conf/keystore.screen and red5/conf/keystore.
as it is not very clear. Do you need to
create a new CSR and next a new CRT? Because that makes no sense. Or do
I need a new keystore named keystore.screen and import the same
certificates?
Thx for clarifying this,
BC
Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
Mobile: +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com
This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.
Disclaimer added by CodeTwo Exchange Rules
http://www.codetwo.com
Re: RTMPS woes
Posted by Bart Coninckx <ba...@telenet.be>.
Wait a sec, I just read that RTMPS IS RTMPT over SSL !!
Will do some morge digging into combining things with a reversed SSL
proxy. I also saw pages using Stunnel, which is an ugly hack but if it
works ...
BC
On 01/28/13 21:48, Bart Coninckx wrote:
> Hi Stephen,
>
> thx !
>
> tried both self-signed and an official one. Tried just one browser as
> we standardize to that browser (Internet Explorer).
> Getting RTMPS to work seems to be a daunting task.
> I'm trying to get it to work differently by looking at RTMPT and a SSL
> reversed proxy. Unfortunately a SSL/TLS version of RTMPT does not seem
> to exist, unless RTMPS does also a secured version of RTMPT.
> And then there is the challenge to get the Flash app to use the SSL
> version of RTMPT. By closing port 1935 RTMPT on 8088 is automatically
> used, but clear text.
>
> *sigh*
>
> BC
>
>
>
> On 01/28/13 21:01, Stephen Cottham wrote:
>>
>> Hey Bart,
>>
>> Are you using a self-signed certificate by chance?
>>
>> have you tried different browsers?
>>
>> Using self-signed certs we have seen problems like this in a few
>> browsers before, (if your using Windows you can import the
>> self-signed cert into the trusted repo and try again this has
>> resolved some issues before)
>>
>> I don't believe you need to set the path to the cert explicitly in
>> red5-core.xml like you are saying below, I have this working on 2.0
>> and 2.1 without issues (using a legit cert) and have had mixed
>> results using a self-signed and had some issues with Mozilla and
>> chrome using their sandbox with both.
>>
>> Best Regards
>>
>> *Stephen Cottham**
>> *Group IT Manager (Associate)
>>
>> Robert Bird Group
>> Level 5, 333 Ann St
>> Brisbane, Queensland, 4000, Australia
>>
>> *Phone: +6173 319 2777 (AUS)*
>>
>> *Phone: +44207 633 2880 (UK)*
>>
>> *Fax: +6173 319 2799*
>>
>> **
>>
>> *Mobile: +61400 756 963 (AUS)*
>>
>> *Mobile: +447900 918 616 (UK)*
>>
>> *Web: **www.robertbird.com* <http://www.robertbird.com/>
>>
>> <http://www.robertbird.com.au/><http://www.robertbird.com.au/>
>>
>> This email and any attachments are confidential and may contain
>> legally privileged information or copyright material. Unless
>> expressly stated, confidentiality and/or legal privilege is not
>> intended to be waived by the sending of this email. The contents of
>> this email, including any attachments, are intended solely for the
>> use of the individual or entity to whom they are addressed. If you
>> are not an intended recipient, please contact us immediately by
>> return email and then delete both messages. You may not otherwise
>> read, forward, copy, use or disclose this email or any attachments.
>> Any views expressed in this email are those of the individual sender
>> except where the sender expressly, and with authority, states
>> otherwise. It is your responsibility to check any attachments for
>> viruses or defects before opening or sending them on. None of the
>> sender or its related entities accepts any liability for any
>> consequential damage resulting from this email containing computer
>> viruses.
>>
>>
>> Disclaimer added by *CodeTwo Exchange Rules*
>> www.codetwo.com <http://www.codetwo.com>
>>
>> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>> *Sent:* 28 January 2013 19:42
>> *To:* openmeetings-user@incubator.apache.org
>> *Subject:* Re: RTMPS woes
>>
>> Well, it did seem to be an effect of the path: the error message
>> disappeared once I changed
>>
>> <property name="keystoreFile" value="conf/keystore">
>> into
>> <property name="keystoreFile" value="/data/openmeetings/conf/keystore">
>>
>> in red5-core.xml
>>
>> This reflects the real path on my server. Some one might want to add
>> this to the documentation.
>>
>> The situation now is like this gentleman describes:
>>
>> https://issues.apache.org/jira/browse/OPENMEETINGS-500
>>
>> I can't shake the feeling the documentation is missing something ...
>>
>>
>> BC
>>
>>
>>
>> On 01/28/13 00:49, Bart Coninckx wrote:
>>
>> One addition: I installed in /data/openmeetings, but I had this
>> reflected in the init.d script that starts OpenMeetings. I hope
>> that is OK?
>>
>> BC
>>
>> On 01/28/13 00:47, Bart Coninckx wrote:
>>
>> Hi all,
>>
>> been trying to get SSL rolling following the docs on
>> http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>>
>> I doublechecked everything but conecting to the OM site
>> produces a "try 1", "try 2" etc and ends in
>> NetConnection.Connect.Failed
>>
>> The red5 console says:
>>
>> [WARN] [NioProcessor-19]
>> org.red5.server.net.rtmps.RTMPSMinaIoHandler - Exception
>> caught Keystore or password are null
>>
>> the keystore is in "RED5_HOME"/conf and the passwords works.
>>
>> While capturing the packets I see a lot on 443, so HTTPS
>> seems OK and jsut a fiew on 5443, so my guess is that RTMPS
>> has a problem.
>>
>>
>> The only step I did not do in the docu was:
>>
>> 7. Create additional certificate as described above. Add this
>> certificate to the following keystores:
>> red5/conf/keystore.screen and red5/conf/keystore.
>>
>> as it is not very clear. Do you need to create a new CSR and
>> next a new CRT? Because that makes no sense. Or do I need a
>> new keystore named keystore.screen and import the same
>> certificates?
>>
>> Thx for clarifying this,
>>
>> BC
>>
>>
>>
>
Re: RTMPS woes
Posted by Bart Coninckx <ba...@telenet.be>.
Hi Stephen,
thx !
tried both self-signed and an official one. Tried just one browser as we
standardize to that browser (Internet Explorer).
Getting RTMPS to work seems to be a daunting task.
I'm trying to get it to work differently by looking at RTMPT and a SSL
reversed proxy. Unfortunately a SSL/TLS version of RTMPT does not seem
to exist, unless RTMPS does also a secured version of RTMPT.
And then there is the challenge to get the Flash app to use the SSL
version of RTMPT. By closing port 1935 RTMPT on 8088 is automatically
used, but clear text.
*sigh*
BC
On 01/28/13 21:01, Stephen Cottham wrote:
>
> Hey Bart,
>
> Are you using a self-signed certificate by chance?
>
> have you tried different browsers?
>
> Using self-signed certs we have seen problems like this in a few
> browsers before, (if your using Windows you can import the self-signed
> cert into the trusted repo and try again this has resolved some issues
> before)
>
> I don't believe you need to set the path to the cert explicitly in
> red5-core.xml like you are saying below, I have this working on 2.0
> and 2.1 without issues (using a legit cert) and have had mixed results
> using a self-signed and had some issues with Mozilla and chrome using
> their sandbox with both.
>
> Best Regards
>
> *Stephen Cottham**
> *Group IT Manager (Associate)
>
> Robert Bird Group
> Level 5, 333 Ann St
> Brisbane, Queensland, 4000, Australia
>
> *Phone: +6173 319 2777 (AUS)*
>
> *Phone: +44207 633 2880 (UK)*
>
> *Fax: +6173 319 2799*
>
> **
>
> *Mobile: +61400 756 963 (AUS)*
>
> *Mobile: +447900 918 616 (UK)*
>
> *Web: **www.robertbird.com* <http://www.robertbird.com/>
>
> <http://www.robertbird.com.au/><http://www.robertbird.com.au/>
>
> This email and any attachments are confidential and may contain
> legally privileged information or copyright material. Unless expressly
> stated, confidentiality and/or legal privilege is not intended to be
> waived by the sending of this email. The contents of this email,
> including any attachments, are intended solely for the use of the
> individual or entity to whom they are addressed. If you are not an
> intended recipient, please contact us immediately by return email and
> then delete both messages. You may not otherwise read, forward, copy,
> use or disclose this email or any attachments. Any views expressed in
> this email are those of the individual sender except where the sender
> expressly, and with authority, states otherwise. It is your
> responsibility to check any attachments for viruses or defects before
> opening or sending them on. None of the sender or its related entities
> accepts any liability for any consequential damage resulting from this
> email containing computer viruses.
>
>
> Disclaimer added by *CodeTwo Exchange Rules*
> www.codetwo.com <http://www.codetwo.com>
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 28 January 2013 19:42
> *To:* openmeetings-user@incubator.apache.org
> *Subject:* Re: RTMPS woes
>
> Well, it did seem to be an effect of the path: the error message
> disappeared once I changed
>
> <property name="keystoreFile" value="conf/keystore">
> into
> <property name="keystoreFile" value="/data/openmeetings/conf/keystore">
>
> in red5-core.xml
>
> This reflects the real path on my server. Some one might want to add
> this to the documentation.
>
> The situation now is like this gentleman describes:
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-500
>
> I can't shake the feeling the documentation is missing something ...
>
>
> BC
>
>
>
> On 01/28/13 00:49, Bart Coninckx wrote:
>
> One addition: I installed in /data/openmeetings, but I had this
> reflected in the init.d script that starts OpenMeetings. I hope
> that is OK?
>
> BC
>
> On 01/28/13 00:47, Bart Coninckx wrote:
>
> Hi all,
>
> been trying to get SSL rolling following the docs on
> http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>
> I doublechecked everything but conecting to the OM site
> produces a "try 1", "try 2" etc and ends in
> NetConnection.Connect.Failed
>
> The red5 console says:
>
> [WARN] [NioProcessor-19]
> org.red5.server.net.rtmps.RTMPSMinaIoHandler - Exception
> caught Keystore or password are null
>
> the keystore is in "RED5_HOME"/conf and the passwords works.
>
> While capturing the packets I see a lot on 443, so HTTPS seems
> OK and jsut a fiew on 5443, so my guess is that RTMPS has a
> problem.
>
>
> The only step I did not do in the docu was:
>
> 7. Create additional certificate as described above. Add this
> certificate to the following keystores:
> red5/conf/keystore.screen and red5/conf/keystore.
>
> as it is not very clear. Do you need to create a new CSR and
> next a new CRT? Because that makes no sense. Or do I need a
> new keystore named keystore.screen and import the same
> certificates?
>
> Thx for clarifying this,
>
> BC
>
>
>
Re: RTMPS woes
Posted by Bart Coninckx <ba...@telenet.be>.
Just a follow-up and a report on where the problems were:
- while testing in my own network, I used the server's hostname to
connect to OM - turns out you HAVE TO use the same name as in the
certificate. This was a bit surprising as this is not the case with
secured Apache - it will just throw an error message about the
certificate, but leave you the choice to continue. I guess the flash app
cannot do that.
- I'm not 100% sure, but my impression was that self signed certs indeed
do not work. I have official certificates now in any case and that works
fine.
- at one point I made a mistake by nog changing the RTMPS port correctly
in red5.properties
- the documentation at
http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html differs from
https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools
. My guess is that the latter one is better, because it is more recent.
These docs are for Ubuntu and Debian, but I installed on SLES 10,
without having to do anything differently.
BC
On 01/28/13 21:01, Stephen Cottham wrote:
>
> Hey Bart,
>
> Are you using a self-signed certificate by chance?
>
> have you tried different browsers?
>
> Using self-signed certs we have seen problems like this in a few
> browsers before, (if your using Windows you can import the self-signed
> cert into the trusted repo and try again this has resolved some issues
> before)
>
> I don't believe you need to set the path to the cert explicitly in
> red5-core.xml like you are saying below, I have this working on 2.0
> and 2.1 without issues (using a legit cert) and have had mixed results
> using a self-signed and had some issues with Mozilla and chrome using
> their sandbox with both.
>
> Best Regards
>
> *Stephen Cottham**
> *Group IT Manager (Associate)
>
> Robert Bird Group
> Level 5, 333 Ann St
> Brisbane, Queensland, 4000, Australia
>
> *Phone: +6173 319 2777 (AUS)*
>
> *Phone: +44207 633 2880 (UK)*
>
> *Fax: +6173 319 2799*
>
> **
>
> *Mobile: +61400 756 963 (AUS)*
>
> *Mobile: +447900 918 616 (UK)*
>
> *Web: **www.robertbird.com* <http://www.robertbird.com/>
>
> <http://www.robertbird.com.au/><http://www.robertbird.com.au/>
>
> This email and any attachments are confidential and may contain
> legally privileged information or copyright material. Unless expressly
> stated, confidentiality and/or legal privilege is not intended to be
> waived by the sending of this email. The contents of this email,
> including any attachments, are intended solely for the use of the
> individual or entity to whom they are addressed. If you are not an
> intended recipient, please contact us immediately by return email and
> then delete both messages. You may not otherwise read, forward, copy,
> use or disclose this email or any attachments. Any views expressed in
> this email are those of the individual sender except where the sender
> expressly, and with authority, states otherwise. It is your
> responsibility to check any attachments for viruses or defects before
> opening or sending them on. None of the sender or its related entities
> accepts any liability for any consequential damage resulting from this
> email containing computer viruses.
>
>
> Disclaimer added by *CodeTwo Exchange Rules*
> www.codetwo.com <http://www.codetwo.com>
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 28 January 2013 19:42
> *To:* openmeetings-user@incubator.apache.org
> *Subject:* Re: RTMPS woes
>
> Well, it did seem to be an effect of the path: the error message
> disappeared once I changed
>
> <property name="keystoreFile" value="conf/keystore">
> into
> <property name="keystoreFile" value="/data/openmeetings/conf/keystore">
>
> in red5-core.xml
>
> This reflects the real path on my server. Some one might want to add
> this to the documentation.
>
> The situation now is like this gentleman describes:
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-500
>
> I can't shake the feeling the documentation is missing something ...
>
>
> BC
>
>
>
> On 01/28/13 00:49, Bart Coninckx wrote:
>
> One addition: I installed in /data/openmeetings, but I had this
> reflected in the init.d script that starts OpenMeetings. I hope
> that is OK?
>
> BC
>
> On 01/28/13 00:47, Bart Coninckx wrote:
>
> Hi all,
>
> been trying to get SSL rolling following the docs on
> http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>
> I doublechecked everything but conecting to the OM site
> produces a "try 1", "try 2" etc and ends in
> NetConnection.Connect.Failed
>
> The red5 console says:
>
> [WARN] [NioProcessor-19]
> org.red5.server.net.rtmps.RTMPSMinaIoHandler - Exception
> caught Keystore or password are null
>
> the keystore is in "RED5_HOME"/conf and the passwords works.
>
> While capturing the packets I see a lot on 443, so HTTPS seems
> OK and jsut a fiew on 5443, so my guess is that RTMPS has a
> problem.
>
>
> The only step I did not do in the docu was:
>
> 7. Create additional certificate as described above. Add this
> certificate to the following keystores:
> red5/conf/keystore.screen and red5/conf/keystore.
>
> as it is not very clear. Do you need to create a new CSR and
> next a new CRT? Because that makes no sense. Or do I need a
> new keystore named keystore.screen and import the same
> certificates?
>
> Thx for clarifying this,
>
> BC
>
>
>
RE: RTMPS woes
Posted by Stephen Cottham <St...@robertbird.com.au>.
Hey Bart,
Are you using a self-signed certificate by chance?
have you tried different browsers?
Using self-signed certs we have seen problems like this in a few
browsers before, (if your using Windows you can import the self-signed
cert into the trusted repo and try again this has resolved some issues
before)
I don't believe you need to set the path to the cert explicitly in
red5-core.xml like you are saying below, I have this working on 2.0 and
2.1 without issues (using a legit cert) and have had mixed results using
a self-signed and had some issues with Mozilla and chrome using their
sandbox with both.
Best Regards
From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 28 January 2013 19:42
To: openmeetings-user@incubator.apache.org
Subject: Re: RTMPS woes
Well, it did seem to be an effect of the path: the error message
disappeared once I changed
<property name="keystoreFile" value="conf/keystore">
into
<property name="keystoreFile" value="/data/openmeetings/conf/keystore">
in red5-core.xml
This reflects the real path on my server. Some one might want to add
this to the documentation.
The situation now is like this gentleman describes:
https://issues.apache.org/jira/browse/OPENMEETINGS-500
I can't shake the feeling the documentation is missing something ...
BC
On 01/28/13 00:49, Bart Coninckx wrote:
One addition: I installed in /data/openmeetings, but I had this
reflected in the init.d script that starts OpenMeetings. I hope that is
OK?
BC
On 01/28/13 00:47, Bart Coninckx wrote:
Hi all,
been trying to get SSL rolling following the docs on
http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
I doublechecked everything but conecting to the OM site
produces a "try 1", "try 2" etc and ends in NetConnection.Connect.Failed
The red5 console says:
[WARN] [NioProcessor-19]
org.red5.server.net.rtmps.RTMPSMinaIoHandler - Exception caught Keystore
or password are null
the keystore is in "RED5_HOME"/conf and the passwords
works.
While capturing the packets I see a lot on 443, so HTTPS
seems OK and jsut a fiew on 5443, so my guess is that RTMPS has a
problem.
The only step I did not do in the docu was:
7. Create additional certificate as described above. Add
this certificate to the following keystores: red5/conf/keystore.screen
and red5/conf/keystore.
as it is not very clear. Do you need to create a new CSR
and next a new CRT? Because that makes no sense. Or do I need a new
keystore named keystore.screen and import the same certificates?
Thx for clarifying this,
BC
Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
Mobile: +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com
This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.
Disclaimer added by CodeTwo Exchange Rules
http://www.codetwo.com
Re: RTMPS woes
Posted by Bart Coninckx <ba...@telenet.be>.
Well, it did seem to be an effect of the path: the error message
disappeared once I changed
<property name="keystoreFile" value="conf/keystore">
into
<property name="keystoreFile" value="/data/openmeetings/conf/keystore">
in red5-core.xml
This reflects the real path on my server. Some one might want to add
this to the documentation.
The situation now is like this gentleman describes:
https://issues.apache.org/jira/browse/OPENMEETINGS-500
I can't shake the feeling the documentation is missing something ...
BC
On 01/28/13 00:49, Bart Coninckx wrote:
> One addition: I installed in /data/openmeetings, but I had this
> reflected in the init.d script that starts OpenMeetings. I hope that
> is OK?
>
> BC
>
> On 01/28/13 00:47, Bart Coninckx wrote:
>> Hi all,
>>
>> been trying to get SSL rolling following the docs on
>> http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>>
>> I doublechecked everything but conecting to the OM site produces a
>> "try 1", "try 2" etc and ends in NetConnection.Connect.Failed
>>
>> The red5 console says:
>>
>> [WARN] [NioProcessor-19] org.red5.server.net.rtmps.RTMPSMinaIoHandler
>> - Exception caught Keystore or password are null
>>
>> the keystore is in "RED5_HOME"/conf and the passwords works.
>>
>> While capturing the packets I see a lot on 443, so HTTPS seems OK and
>> jsut a fiew on 5443, so my guess is that RTMPS has a problem.
>>
>>
>> The only step I did not do in the docu was:
>>
>> 7. Create additional certificate as described above. Add this
>> certificate to the following keystores: red5/conf/keystore.screen and
>> red5/conf/keystore.
>>
>> as it is not very clear. Do you need to create a new CSR and next a
>> new CRT? Because that makes no sense. Or do I need a new keystore
>> named keystore.screen and import the same certificates?
>>
>> Thx for clarifying this,
>>
>> BC
>>
>>
>>
>>
>
Re: RTMPS woes
Posted by Bart Coninckx <ba...@telenet.be>.
One addition: I installed in /data/openmeetings, but I had this
reflected in the init.d script that starts OpenMeetings. I hope that is OK?
BC
On 01/28/13 00:47, Bart Coninckx wrote:
> Hi all,
>
> been trying to get SSL rolling following the docs on
> http://incubator.apache.org/openmeetings/RTMPSAndHTTPS.html
>
> I doublechecked everything but conecting to the OM site produces a
> "try 1", "try 2" etc and ends in NetConnection.Connect.Failed
>
> The red5 console says:
>
> [WARN] [NioProcessor-19] org.red5.server.net.rtmps.RTMPSMinaIoHandler
> - Exception caught Keystore or password are null
>
> the keystore is in "RED5_HOME"/conf and the passwords works.
>
> While capturing the packets I see a lot on 443, so HTTPS seems OK and
> jsut a fiew on 5443, so my guess is that RTMPS has a problem.
>
>
> The only step I did not do in the docu was:
>
> 7. Create additional certificate as described above. Add this
> certificate to the following keystores: red5/conf/keystore.screen and
> red5/conf/keystore.
>
> as it is not very clear. Do you need to create a new CSR and next a
> new CRT? Because that makes no sense. Or do I need a new keystore
> named keystore.screen and import the same certificates?
>
> Thx for clarifying this,
>
> BC
>
>
>
>