It appears there is an alternative to Streamlock, however I haven’t been able able to use WebRTC streaming with my own SDP and self-signed SSL certificate yet. So my question us how exactly do I get to use WebRTC streaming with local SDP and self-signed SSL certificate.
Welcome to the commuinity @Stanislav_Popadynets.
Yes, as long as your certificate authority accepts using a localhost address this should be possible. Please review our article on how to request a self-signed certificate:
https://www.wowza.com/docs/how-to-request-an-ssl-certificate-from-a-certificate-authority
Then in your host file you’ll add your local address and domain name.
127.0.0.1 ssl.mycompany.com
If you don’t mind me asking, why not use StreamLock that is free and is integrated already with all our documentation? Using your own is possible, we don’t encourage that for webrtc since it’s a bit more complicated to configure. Feel free to submit a ticket if you need an engineer to get your own SSL cert working with Engine.
Hi @Rose_Power-Wowza_Com,
I know this a quite old topic but my team is also looking for Streamlock-alternatives. The main reason is that we are searching for ways to automate the certificate renewal process.
As per my understanding there is no webservice or API for maintaining the Streamlock certificate issuing, am I right?
Kind regards
Norbert
Have you considered letsencrypt ?
Hello @Norbert_Lenz, apologies for the delay, I was out on holiday.
Yes, i agree with @Connessione that you could use Let’s Encrypt and we actually have documentation coming soon on how to configure that.
In the meantime, if you’d like to try it, it’s very similar to the steps in these articles here:
- https://www.wowza.com/docs/how-to-request-an-ssl-certificate-from-a-certificate-authority
- https://www.wowza.com/docs/how-to-import-an-existing-ssl-certificate-and-private-key
One suggestion from our Wowza engineer working on this new documentation:
“Just a heads up that the process on our side is almost identical to the import process, but it’s important the user knows that the “chain.pem” is our “root” certificate for the JKS and fullchain.pem is the “chain” cert. If you import them with different aliases it will fail.”
If you’d like him to give you a hand setting it up or if you have any issues at all until we get this new doc written, you can submit a support ticket and say Rose sent you to see if Jeff can assist. Good luck to you!
And yes you are right about StreamLock and it having to be configured/maintained manually when it expires.