#1 2013-06-04 08:43:07

Andrew_ITRS

SSL Implementation

Help please somebody :-)

I've just installed 9.0.0.1a and upgraded to version 9.0.0.4 on a single server installation.

Everything is working well under http, but when I try to get SSL working I cannot get into the meeting rooms. I've followed the SSL install guides and cannot pick where I am going wrong.

I've unzipped stunnel and configured a key. This checks out with the digicert help checker. I can access the meeting homepages through https no problem. I also installed stunnel as a service.

I've uncommented the 8443 port bits (2x) in server.xml

and I've added the following to my custom.ini file

# SSL Settings
ADMIN_PROTOCOL=https://
SSL_ONLY=yes
RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/

I do not have a wildcard certificate, but I understand I do not need one for single server installs.

Please can anyone help?

Andrew_ITRS

Re: SSL Implementation

I can confirm the commenting out the following line, gets everything working again.

#RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/

This however isn't then running securely through 443.

Andrew_ITRS

Re: SSL Implementation

I just looked and I don't have a license check mark next to -

- Requires SSL Connection (RTMPS)

Does this need to be checked for SSL to work?

irfant

Re: SSL Implementation

Here are our SSL related settings in custom.ini file:
---------------------
ADMIN_PROTOCOL=https://
#SSL_ONLY_APPSERVER=yes
#HTTPS_PORT=8443
DEFAULT_FCS_HOSTPORT=:1935,443
RTMP_SEQUENCE=rtmp://external-host:1935/?rtmp://localhost:8506/,rtmp://external-host:443/?rtmp://localhost:8506/,rtmpt://external-host:443/?rtmpt://localhost:8506/
-------------------------------------------------
And the above settings probably cause the 'Require SSL Connection' to be NOT checked in the console application: http://localhost:8510/console/application-settings/application-info?account-id=7

Our SSL Certificate is installed on the network load balancer--we have multiple Connect app servers.
HTH.

Andrew_ITRS

Re: SSL Implementation

It's working!! Yay!

Hi Irfant. Thank you for responding. It was useful as it got me thinking.

So, what I did was go right back and have a look at the basics. I thought I could set this up with a single SSL cert, but evidently not.

After setting up a second external IP, FQDN and SSL cert, it all started working. I now have the little padlock showing and we've had a successful meeting through a firewall only allowing 80 and 443.

Fantastic. Great outcome. Case Closed

StupidSexyFlanders

Re: SSL Implementation

Andrew,

From what I understand, the Require SSL checkbox only appears when both the Application server (e.g. HTTPS for the login page) and the Meeting server (e.g. RTMPS for the meetings) are using SSL encryption.

I have my 9.1.1 server running with just SSL for the Application server and there's no check by the SSL line on the configuration page. We don't really need the meetings themselves encrypted but on the plus side I only needed a single certificate and external IP. :)

Kevin

Re: SSL Implementation

Andrew,

From what I understand, the Require SSL checkbox only appears when both the Application server (e.g. HTTPS for the login page) and the Meeting server (e.g. RTMPS for the meetings) are using SSL encryption.

I have my 9.1.1 server running with just SSL for the Application server and there's no check by the SSL line on the configuration page. We don't really need the meetings themselves encrypted but on the plus side I only needed a single certificate and external IP. :)

I was under the impression that SSL was still needed for 1935 meeting failover to 443, or is that where stunnel comes into play?