Secure streaming to the iPhone and iPod Touch (AES-128, internal method)

https://www.wowza.com/docs/how-to-use-the-internal-method-of-aes-128-encryption-to-secure-live-or-vod-streams-sent-to-apple-ios-devices-moduleencryptionhandlercupertinostreaming

The same application-level encryption properties need to be set on edge and origin.

Charlie

Zip up conf and logs from origin and edge and make available for download.

Charlie

You can try using the “+” (plus) sign in place of the spaces when referencing the names in the URLs. If that does not work, there is no workaround.

Charlie

If the stream is coming in H264 and we get a key for that live stream, can the next person getting that same stream get a different key? It's not a live stream of a file but a live stream of a realtime H264 stream.

SSL certificate setup is tricky. I would test using the browser first to test that you have the SSL certificate set up properly. It is best to use a certificate from a certificate authority and to be sure to import their keys into your key store. If you do not do this then there is a good chance nothing will work.

Self-signed certificates may work when using a browser but will most likely require that you accept the certificate and install it on the local machine.

To test what you currently have set up, open a web browser and enter the address:

https://[wowza-ip-address]

This should connect to Wowza over SSL to the HTTPServerVersion provider. This is the best way to test that the certificate is properly set up. If this works it will most likely ask you to install the certificate. Then once you do this, the next request should work. You should see the Wowza server version in the browser and the lock icon should show that SSL is working.

As far as the iPad goes I am not sure it will ever work with a self-signed certificate.

Charlie

Be sure that this URL in the Application.xml file on the edge is pointing to the edge and not the origin:

<Property>
	<Name>cupertinoEncryptionBaseURL</Name>
	<Value>http://172.28.2.98:1935</Value>
</Property>

Be sure you have properly implemented a module on the edge with the method onHTTPCupertinoEncryptionKeyRequest and that it is returning the key data properly. It does work. So just slowly work through the process. I might first get this working with a single server. Then move on to origin/edge.

Charlie
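An added example, not part of the original thread and not Wowza's own code: a check of the edge's Application.xml for the cupertinoEncryptionBaseURL property described in the post above. The XML wrapper elements, the origin address 172.28.2.10, and the treatment of 172.28.2.98 as the edge address are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

PROP = "cupertinoEncryptionBaseURL"

# Constructed sample: only the <Property> element is from the thread; the
# wrapper elements are assumed for illustration.
SAMPLE_EDGE_XML = """<Root><Application><Properties>
  <Property>
    <Name>cupertinoEncryptionBaseURL</Name>
    <Value>http://172.28.2.98:1935</Value>
  </Property>
</Properties></Application></Root>"""

def property_values(xml_text, name):
    """Return the <Value> of every <Property> whose <Name> equals name."""
    root = ET.fromstring(xml_text)
    return [(p.findtext("Value") or "").strip()
            for p in root.iter("Property")
            if (p.findtext("Name") or "").strip() == name]

def check_edge_base_url(xml_text, edge_hosts, origin_hosts):
    """Return a list of findings; an empty list means the setting looks right."""
    values = property_values(xml_text, PROP)
    if not values:
        return [PROP + " is not set"]
    findings = []
    if len(values) > 1:
        findings.append("%s is set %d times" % (PROP, len(values)))
    for value in values:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
        if not host:
            findings.append("%r is not an absolute URL" % value)
            continue
        if host in origin_hosts:
            findings.append("%s points at the origin, not this edge" % value)
        elif host not in edge_hosts:
            findings.append("%s points at an unknown host" % value)
        if parts.scheme.lower() != "https":
            findings.append("%s is not https, so key requests are not protected by SSL" % value)
    return findings

if __name__ == "__main__":
    # Assumed addresses: 172.28.2.98 is the edge, 172.28.2.10 is the origin.
    for finding in check_edge_base_url(SAMPLE_EDGE_XML, {"172.28.2.98"}, {"172.28.2.10"}):
        print("FINDING:", finding)
```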

There is a good chance the problem is on the player side. Wowza can handle many people starting and stopping the stream. It seems the iOS devices might have a problem when a single stream is started and stopped. So the issue will not affect many users streaming. It is not a Wowza problem.

Charlie

You will most likely have problems with a self-signed certificate. You need to get the certificate from a certificate authority. They will then provide the properly signed cert along with the trusted certs.

Charlie

I really have not tried a self-signed certificate on iOS. Can’t really help.

Charlie

  1. Encryption for live streaming is on the origin. There is no way to do per-session encryption with a live stream. It is per-stream. It is all done on the origin and forwarded to the edges.

  2. Yes, all communication between edge and origin is RTMP but there is a separate connection for RTMP and Cupertino for the same stream. We just stream Cupertino chunks over RTMP.

Charlie

Yes, I think that’s the way it works, a new key is generated for each session.

Richard

To start, you need to compile this in the Wowza IDE, then there is additional code that needs to be written. Take a look at this other method for securing iPhone, to see if it is a better method for you:

http://community.wowza.com/t/-/83

Richard

I’m not sure if this is going to work for that combo, but the ModuleOnConnectAuthenticate can be used for authentication from Flash apps that will publish:

https://www.wowza.com/forums/showthread.php?t=7812

Try placing this above ModuleRTMPAuthenticate. And if that doesn’t work, try putting it below, last in the Modules list. You have to modify the NetConnection.connect of the Flash app.

Richard

Try going back to SecureURLParams. That should work. I think you have to use the Wowza 1.7.2 MediaSecurity Addon:

http://community.wowza.com/t/-/45

Richard

Can you zip up and send the startup package to support@wowza.com? Please reference this thread.

Richard

Nish,

I think you just have to start over with this. You had it working and now it is not working, so you know that it does work, it’s not a bug in Wowza or the package, so you have made a mistake somewhere.

Richard

Nish,

Can you paste in your Application.xml?

Richard

Sounds similar to this:

https://www.wowza.com/forums/showthread.php?t=10236&page=2#17

So check your Application.xml Properties list.

Richard

I think maybe there is some overlap and confusion regarding the encryption key caused by your frequent replay in a short time.

Richard