#1 2012-07-03 05:24:27

**_nudga_**

Ideas for Trouble shooting SSL

Hi,

I have been having issues securing an Adobe Connect server on SSL on a Windows Server 2008 platform. Are there any tools that can help me find out why my meeting site won't run upon HTTPS.
I believe my Certificates are OK, Adjusted the CFG .ini and vhost.xml. The Windows firewall is allowing traffic over 443. Does anyone have any pointers. I have been using OpenSSL to create my .pem and key.pem files.
All runs fine upon HTTP, and I have configure the Adobe server to communicate with our DC over LDAPS sucessfully.

Thanks.

**_mrock66_**

Re: Ideas for Trouble shooting SSL

You should be using STunnel, follow this guide.  http://helpx.adobe.com/adobe-connect/kb … unnel.html

you can also test your certificates here;
http://www.digicert.com/help/

**_nudga_**

Re: Ideas for Trouble shooting SSL

Why should we be using Stunnel rather than openssl?  does it not work over openssl, what differences / advantages of using stunnel?

Thanks for your reply.

**_nudga_**

Re: Ideas for Trouble shooting SSL

Lookinga t the issue further is would seem that the Certificates are no even coming into it when I try to access the meeting web page Internet explorer wont display the page (IE 8)  We are only running Flash Media Server only,are there any tests I can run to check if this is running correctly.
It was working ok under HTTP. I have made the Minor changes required within the Config.ini and the adaptor.xml file. The dns records are resolving sucessfully also.

**_bb0875_**

Re: Ideas for Trouble shooting SSL

You need stunnel to tunnel (decrypt) https traffic over to the Connect server. 

As of 8 (maybe 7.5?) the Connect server does not have it's own built in capability to understand HTTPS traffic - it needs Stunnel to sit in the middle and handle it. Until you get Stunnel up and running your server isn't listening on port 443, hence nothing displaying in IE (You can run

netstat -an | find /i "listening"

to verify this)

You can see instructions on how to set it up here: http://helpx.adobe.com/content/dam/kb/e … _8_SSL.pdf

Note that Stunnel is automatically installed with 8 now (and that pdf includes instructions on how to configure it) but I've found I still need to register it as a service.  You can do by navigating to the stunnel folder inside of the Adobe Connection installation and running

stunnel.exe -install

**_connectguy_**

Re: Ideas for Trouble shooting SSL

Actually the connect server never lost the capability to understand https traffic.  That was always handled by FMS which isn't stripped out by Connect.  However, the connect team found stunnel to be more reliable and an easier setup. 

But I think in your case the issue is in your server.xml.  You need to uncomment the code to handle traffic on 8443.