We have a WSE serving content out of 2 domains. We would like to stream securely out of both domains. I have followed the guide to install the two certificates and from what I can tell, that part has been successful. However, we are streaming out of streamlock.net for only one domain, the other domain is a .com and the SSL is from Comodo. It looks like I do not have this certificate installed correctly as it comes up as ‘Certificate Invalid’. I have tried installing the certificate and the certificate chain as a bundle and I have also tried installing the certificate chain and the certificate separately but I am still having the same issue. The order in which the certificates appear in the bundle is: COMODORSAAddTrust + COMODORSAOrganization + AddTrust + My Certificate. Do I have the right order? What else should I be checking for?
If you follow Comodo’s instructions on how to create your bundle, the bundle will NOT work with Wowza Streaming Engine. Instead, you have to create the bundle with the certificates in the reverse order. Once you have created your bundle, importing it into the keystore is a snap.
Make sure that your keystore only contains your private key. Then add the bundle to the keystore with an alias of ‘bundle’ - remember, the bundle should NOT include your cert, it should only contain the cert chain.
Next, add your certificate with the same alias that was used to add your private key to the keystore. If you are unsure of the alias, run keytool with the -list option. If you did everything right, you will get a message that says “Certificate Reply was Installed in Keystore” when the cert is added to the keystore. If you don’t, start all over.
Finally, assign the cert to the appropriate VHost/port combination and restart your Wowza Streaming Engine process. Then head on over to any SSL validator and verify your installation by entering your server’s FQDN and port number in the appropriate box.
Happy SSL’ing!
Thanks for updating this!