Questions about SSL, HTTPS, RTMP & RTMPS

Hi,

I have recently applied for and received SSL certificates via StreamLock, however, I haven’t downloaded them yet because I wanted to know a few things before I do that.

  1. Would it still be possible to do RTMP after applying the SSL certificate?
  2. Do we need to change all our HLS to be over HTTPS?
  3. What about the REST API? do we need to replace all HTTP requests to HTTPS?

R,

Mustafa

You can set up SSL on a separate HostPort in your VHost.xml, so that both non-SSL and SSL will work. If you don’t want to allow non-SSL, you can disable or remove the old HostPort.

  1. Yes, if you set up SSL on a separate HostPort, you can still use RTMP without SSL

  2. You can choose if you want to use HTTP or HTTPS, but I recommend the latter, and that will mean that you will have to update the endpoints/clients that pull your stream(s) over HTTP

  3. If you want to use SSL for the REST API, you must configure this in the RESTInterface section of the Server.xml

Thank for the answer Karel.

Is there anything to be done on the application level to support RTMPS or HLS over HTTPS or is it only the HostPort?

For all following this thread: I have updated info from our engineers on this and it expands upon what Karel has already shared:

By default we’ll send to Facebook over the SSL port (443) if we can connect to FB’s SSL listener, so no need for the sendSSL param.

If we can’t connect to their SSL port then we’ll try and connect to their non-SSL RTMP interface.

There’s no need for an SSL cert in WSE when connecting to an SSL listener as we’re connecting to an SSL port and not acting as a listener for incoming SSL traffic.