Over the past few days I have tried to enable SSL over port 443 on my Wowza 3 (3.0.5 build1220) Server. I used this tutorial to get started:
https://www.wowza.com/docs/how-to-request-an-ssl-certificate-from-a-certificate-authority
and ran into the issue of the private key not matching the cert because I need to use the key that I already have.
So then I followed another how-to that uses my current key and turns it into a Java keystore, and then used that keystore with keytool to import my root CA and my wildcard cert. I know this is possible because I use the same method for my email server's Jetty keystore. Everything seemed to work correctly until I restarted Wowza with debug logging turned on and tried to hit the HTTPProvider running on port 443, or any application stream on port 443.
In the logs I see the SSL handshake start and then fail:
DEBUG server comment - null doHandshake()
DEBUG server comment - null handshakeStatus=NEED_UNWRAP
DEBUG server comment - null unwrapHandshake()
DEBUG server comment - null inNetBuffer: java.nio.DirectByteBuffer[pos=0 lim=322 cap=16665]
DEBUG server comment - null appBuffer: java.nio.DirectByteBuffer[pos=0 lim=33330 cap=33330]
INFO server comment - ServerHandler.exceptionCaught[[any]:443:ip_address]: javax.net.ssl.SSLHandshakeException: SSL handshake failed.
DEBUG server comment - null Closed: org.apache.mina.filter.support.SSLHandler@6c0ec436
- - - - -
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
What am I missing? Or rather, where did I go wrong?
My keystore currently resembles this:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
root, Jun 14, 2012, trustedCertEntry,
Certificate fingerprint (MD5): B6:4C:...
wowza, Jun 14, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): B9:A0:....
Thanks in advance!
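
The procedure described in the post (reusing an existing private key, then building a Java keystore from it), sketched as an added example that is not part of the original post. It first checks that the key and certificate belong together and then bundles the CA chain with the key entry; the file names and password are placeholders, the key is assumed to be an unencrypted PEM file, and `wowza` is the alias from the listing above.

```shell
#!/bin/sh
# Added example. File names, alias and password are placeholders (assumptions).
# Assumes an unencrypted PEM private key and PEM certificates.

# SHA-256 of the PEM public key inside a private key ("key") or certificate ("cert").
spki_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when the certificate was issued for this private key.
key_matches_cert() {
    k=$(spki_digest key "$1") || return 2
    c=$(spki_digest cert "$2") || return 2
    [ "$k" = "$c" ]
}

# Bundle key + server certificate + CA chain into one PKCS#12 file, so the
# private key entry carries its chain. Args: key cert chain out.p12 alias password
make_p12() {
    key_matches_cert "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name "$5" -out "$4" -passout "pass:$6"
}

# Convert the PKCS#12 file into a JKS keystore. Args: in.p12 out.jks password
# Passwords given on the command line are visible in the process list.
p12_to_jks() {
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$3" \
        -destkeystore "$2" -deststoretype JKS -deststorepass "$3"
}

# Usage (placeholder names):
#   make_p12 server.key wildcard.crt ca-chain.crt wowza.p12 wowza 'changeit'
#   p12_to_jks wowza.p12 wowza.jks 'changeit'
```

Running `keytool -list -v -keystore wowza.jks` afterwards shows the certificate chain length of the `PrivateKeyEntry`, which is what the server presents during the handshake.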