- Topics: Active | Unanswered
Pages: 1
Topic closed
#1 2012-07-03 05:24:27
- **_nudga_**
Ideas for Trouble shooting SSL
Hi,
I have been having issues securing an Adobe Connect server on SSL on a Windows Server 2008 platform. Are there any tools that can help me find out why my meeting site won't run upon HTTPS.
I believe my Certificates are OK, Adjusted the CFG .ini and vhost.xml. The Windows firewall is allowing traffic over 443. Does anyone have any pointers. I have been using OpenSSL to create my .pem and key.pem files.
All runs fine upon HTTP, and I have configure the Adobe server to communicate with our DC over LDAPS sucessfully.
Thanks.
Offline
#2 2012-07-03 15:36:34
- **_mrock66_**
Re: Ideas for Trouble shooting SSL
You should be using STunnel, follow this guide. http://helpx.adobe.com/adobe-connect/kb … unnel.html
you can also test your certificates here;
http://www.digicert.com/help/
Offline
#3 2012-07-04 08:05:56
- **_nudga_**
Re: Ideas for Trouble shooting SSL
Why should we be using Stunnel rather than openssl? does it not work over openssl, what differences / advantages of using stunnel?
Thanks for your reply.
Offline
#4 2012-07-04 10:48:18
- **_nudga_**
Re: Ideas for Trouble shooting SSL
Lookinga t the issue further is would seem that the Certificates are no even coming into it when I try to access the meeting web page Internet explorer wont display the page (IE 8) We are only running Flash Media Server only,are there any tests I can run to check if this is running correctly.
It was working ok under HTTP. I have made the Minor changes required within the Config.ini and the adaptor.xml file. The dns records are resolving sucessfully also.
Offline
#5 2012-07-19 15:41:37
- **_bb0875_**
Re: Ideas for Trouble shooting SSL
You need stunnel to tunnel (decrypt) https traffic over to the Connect server.
As of 8 (maybe 7.5?) the Connect server does not have it's own built in capability to understand HTTPS traffic - it needs Stunnel to sit in the middle and handle it. Until you get Stunnel up and running your server isn't listening on port 443, hence nothing displaying in IE (You can run
netstat -an | find /i "listening"
to verify this)
You can see instructions on how to set it up here: http://helpx.adobe.com/content/dam/kb/e … _8_SSL.pdf
Note that Stunnel is automatically installed with 8 now (and that pdf includes instructions on how to configure it) but I've found I still need to register it as a service. You can do by navigating to the stunnel folder inside of the Adobe Connection installation and running
stunnel.exe -install
Offline
#6 2012-09-20 13:46:29
- **_connectguy_**
Re: Ideas for Trouble shooting SSL
Actually the connect server never lost the capability to understand https traffic. That was always handled by FMS which isn't stripped out by Connect. However, the connect team found stunnel to be more reliable and an easier setup.
But I think in your case the issue is in your server.xml. You need to uncomment the code to handle traffic on 8443.
Offline
Pages: 1
Topic closed