Accessing streams via HTTPS not working

Hello,

Using Wowza streaming engine on AWS and streaming via regular HTTP is working with a DASH player. need to get it working via HTTPS.

I followed the instructions in the “How to request an SSL certificate from a certificate authority” article, obtained and installed a cert and adjusted the VHost.xml file to uncomment the section. Ensured that our DNS had sentryvidserv.us pointing at our AWS instance.

Test player still works when using HTTP and the old port. Also works if I use http and the domain name:

http://sentryvidserv.us:1935/mps/my-stream-name/manifest.f4m

Also works if I use http and port 443 (which seems odd to me)

http://sentryvidserv.us:443/mps/my-stream-name/manifest.f4m

However, I cannot get any form of httpS to play a stream. I’ve tried 443 and 1935. MPEG-DASH and Adobe HDS. I feel like there must be a configuration step that was missed.

Here are the commands I used:

sudo keytool -genkey -keysize 2048 -alias wowza -keyalg RSA -keystore sentryvidserv.us.jks

(gave it sentryvidserv.us as the first and last name)

sudo keytool -certreq -file sentryvidserv.us.csr -alias wowza -keyalg RSA -keystore sentryvidserv.us.jks

When I received the certs, I installed them:

sudo keytool -import -alias root -trustcacerts -file DigiCertCA.crt -keystore sentryvidserv.us.jks
sudo keytool -import -alias wowza -trustcacerts -file sentryvidserv_us.crt -keystore ssl.mycompany.com.jks

Here is the result of keytool -list -keystore sentryvidserv.us.jks

Enter keystore password:  
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
root, Oct 10, 2014, trustedCertEntry, 
Certificate fingerprint (SHA1): 1F:B8:6B:11:68:........:71:A4:B7:CC:B4
wowza, Oct 10, 2014, PrivateKeyEntry, 
Certificate fingerprint (SHA1): 43:AF:E0:BC:26:.......:A8:CB:CA:54:02:2B:AE:70

Here is the section of VHost.xml:

<HostPort>
				<Name>Default SSL Streaming</Name>
				<Type>Streaming</Type>
				<ProcessorCount>${com.wowza.wms.TuningAuto}</ProcessorCount>
				<IpAddress>*</IpAddress>
				<Port>443</Port>
				<HTTPIdent2Response></HTTPIdent2Response>
				<SSLConfig>
					<KeyStorePath>${com.wowza.wms.context.VHostConfigHome}/conf/sentryvidserv.us.jks</KeyStorePath>
					<KeyStorePassword>S3ntryK3ySt0re</KeyStorePassword>
					<KeyStoreType>JKS</KeyStoreType>
					<SSLProtocol>TLS</SSLProtocol>
					<Algorithm>SunX509</Algorithm>
					<CipherSuites></CipherSuites>
					<Protocols></Protocols>
				</SSLConfig>
				<SocketConfiguration>
					<ReuseAddress>true</ReuseAddress>
					<ReceiveBufferSize>65000</ReceiveBufferSize>
					<ReadBufferSize>65000</ReadBufferSize>
					<SendBufferSize>65000</SendBufferSize>
					<KeepAlive>true</KeepAlive>
					<AcceptorBackLog>100</AcceptorBackLog>
				</SocketConfiguration>
				<HTTPStreamerAdapterIDs>cupertinostreaming,smoothstreaming,sanjosestreaming,dvrchunkstreaming,mpegdashstreaming</HTTPStreamerAdapterIDs>
				<HTTPProviders>
					<HTTPProvider>
						<BaseClass>com.wowza.wms.http.HTTPCrossdomain</BaseClass>
						<RequestFilters>*crossdomain.xml</RequestFilters>
						<AuthenticationMethod>none</AuthenticationMethod>
					</HTTPProvider>
					<HTTPProvider>
						<BaseClass>com.wowza.wms.http.HTTPClientAccessPolicy</BaseClass>
						<RequestFilters>*clientaccesspolicy.xml</RequestFilters>
						<AuthenticationMethod>none</AuthenticationMethod>
					</HTTPProvider>
					<HTTPProvider>
						<BaseClass>com.wowza.wms.http.HTTPProviderMediaList</BaseClass>
						<RequestFilters>*jwplayer.rss|*jwplayer.smil|*medialist.smil|*manifest-rtmp.f4m</RequestFilters>
						<AuthenticationMethod>none</AuthenticationMethod>
					</HTTPProvider>
					<HTTPProvider>
						<BaseClass>com.wowza.wms.http.HTTPServerVersion</BaseClass>
						<RequestFilters>*</RequestFilters>
						<AuthenticationMethod>none</AuthenticationMethod>
					</HTTPProvider>
				</HTTPProviders>
			</HostPort>

What else needs to be done to enable streaming over HTTPS??

Many thanks,

Dave

Hello there and welcome to the Wowza support forum.

I am sorry I dont have much to offer here as I have not set this up myself. But looking closely at the guide and what you have shown, all I can see that is different is the “ssl” in the command lines.

What you have:

sudo keytool -genkey -keysize 2048 -alias wowza -keyalg RSA -keystore sentryvidserv.us.jks

What the guide shows:

keytool -certreq -file ssl.mycompany.com.csr -alias wowza -keyalg RSA -keystore [B]ssl[/B].mycompany.com.jks

I notice you omitted the “ssl” part in most of the command lines, and included it on one.

Also, in the VHost you have:

<KeyStorePath>${com.wowza.wms.context.VHostConfigHome}/conf/sentryvidserv.us.jks</KeyStorePath>

And the guide mentions:

${com.wowza.wms.context.VHostConfigHome}/conf/[B]ssl[/B].mycompany.com.jks

Lastly, the guide provides a link to a troubleshooting guide:

A bug in the Oracle Java Development Kit (JDK) affects connections that use Secure Sockets Layer (SSL) certificates. Occasionally the SSL handshake fails during Diffie-Hellman key exchange and the connection hangs. For more information, see How to fix intermittent HTTP/SSL failure (padding exception).

Again, I apologize for not having more to offer. If you still need help and no one from support has replied you could open a support ticket by zipping the following directories and sending them to support@wowza.com

[install-dir]/conf

[install-dir]/logs

[install-dir]/transcoder

[install-dir]/manager/logs

Kind regards,

Salvadore

Hi,

This is a rather old ticket and may or may not be relevant to the issue you are experiencing. I would suggest that you open a support ticket with us and include the steps you’ve taken and we can look at your specific workflow. Include a zip of your /conf and /logs too.

Paul

You are very observant Savadore!

Thanks much for your input. I do believe that sentryvid.serv.us (without the SSL) is correct for us, but I am not 100% sure. I have a support ticket open. Looking through my command history you might be right that I included the ssl. in front of the keystore on the import of the “wowza” cert. I will re-try and see if it helps.

Thanks,

Dave

How do you have resolve this? I have the same probs

Thanks

the same is happening to me, any solution?