
self signed cert for SecureRTMP

Has anyone used a self signed cert for SecureRTMP? If so, a quick step by step post would really really be appreciated.

Thank you,

-Vito

1 Reply

After a lot of struggling I finally got rtmps and https channels working with self signed certificates (using openssl as a personal certificate authority).

Disclaimer. There may be (probably is) a better easier way to get this to work. I wish I knew how.

Here is what I did:

1) Setup a certificate authority

First setup a personal certificate authority with openssl:
http://www.flatmtn.com/computer/Linux-SSLCertificates.html

2) Generate the keys in your keystore

I am using the default keystore for both the tomcat cert and for the rtmps cert. (In XP the default keystore is here C:\Documents and Settings\<username>\.keystore and in linux it's ~/.keystore)

keytool -genkey -alias tomcat -dname "CN=localhostOrdomainname, OU=Development, O=ORGNAME, L=CITY, S=STATE, C=US" -validity 3650

3) Generate the certificate request

keytool -certreq -alias tomcat -file tomcat.csr

4) Generate the certificates (on your certificate authority machine)

openssl ca -out tomcat.pem -config ./openssl.cnf -infiles tomcat.csr

Convert to a format the java keystore understands:

openssl x509 -in tomcat.pem -out tomcat.crt -outform DER

5) Import your certificate authority certificate (the public certificate you created when setting up your certificate authority)

a) IE: Double click the cacert.crt file

b) Firefox: Right click on the cacert.crt and choose open with Firefox

c) default keystore:

keytool -import -alias myPrivateCA -trustcacerts -file cacert.crt

d) cacerts keystore (for the jdk that tomcat is using)

cd to the folder with the cacerts file, in my case:

cd C:\Program Files\Java\jdk1.5.0_07\jre\lib\security

keytool -import -trustcacerts -alias myPrivateCA -file cacert.crt -keystore cacerts

6) Import the actual certificate into the default keystore

keytool -import -alias tomcat -file tomcat.crt

keytool -import -alias flex2cert -file tomcat.crt

8) setup your channels in the services-config.xml file

<channels>
    <channel-definition id="secureRTMP" class="mx.messaging.channels.SecureRTMPChannel">
        <endpoint uri="rtmps://localhost:2099" class="flex.messaging.endpoints.SecureRTMPEndpoint" />
        <properties>
            <idle-timeout-minutes>20</idle-timeout-minutes>
            <keystore-file>C:/Documents and Settings/<USER>/.keystore</keystore-file>
            <keystore-password>changeit</keystore-password>
        </properties>
    </channel-definition>

    <channel-definition id="my-secure-http" class="mx.messaging.channels.SecureHTTPChannel">
        <endpoint uri="https://{server.name}:8443/Presidio/messagebroker/httpsecur" class="flex.messaging.endpoints.SecureHTTPEndpoint" />
        <properties>
            <add-no-cache-headers>false</add-no-cache-headers>
        </properties>
    </channel-definition>
</channels>

Note: the add-no-cache-headers false resolves an issue with self-signed certs (http://tech.groups.yahoo.com/group/flexcoders/message/50035)
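The steps in the reply above, written out as an added example (this is not code from the post): a shell script that creates the private CA, generates the key pair and CSR (with keytool when it is installed, otherwise with openssl), has the CA sign the CSR, imports the CA and server certificates into the keystore, and finally checks that the server certificate chains to the CA. The aliases, organisation names and the changeit password come from the post; the scratch directory, the use of `openssl x509 -req` in place of `openssl ca`, and the openssl-only fallback are assumptions.

```shell
#!/bin/sh
# Added example, not the post's code: CA -> key/CSR -> sign -> import -> verify.
# Assumed: a scratch dir, `openssl x509 -req` in place of `openssl ca` (no CA
# database to set up), and an openssl-only CSR when keytool is not installed.
set -e
WORK=${WORK:-$(mktemp -d)}
STOREPASS=changeit                 # keystore password used in the post
SERVER_CN=${SERVER_CN:-localhost}

make_ca() {  # Step 1: self-signed CA; cacert.pem is what clients must trust
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=myPrivateCA/O=ORGNAME/C=US" \
    -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" 2>/dev/null
}

make_server_csr() {  # Steps 2-3: key pair under alias tomcat, then a CSR
  if command -v keytool >/dev/null 2>&1; then
    # RSA requested explicitly: old keytool defaulted to DSA, which many TLS clients reject
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 3650 \
      -dname "CN=$SERVER_CN, OU=Development, O=ORGNAME, L=CITY, S=STATE, C=US" \
      -keystore "$WORK/.keystore" -storepass "$STOREPASS" -keypass "$STOREPASS"
    keytool -certreq -alias tomcat -file "$WORK/tomcat.csr" \
      -keystore "$WORK/.keystore" -storepass "$STOREPASS"
  else
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$SERVER_CN/O=ORGNAME/C=US" \
      -keyout "$WORK/tomcat.key" -out "$WORK/tomcat.csr" 2>/dev/null
  fi
}

sign_server_cert() {  # Step 4: CA signs the CSR; DER copy is what keytool -import reads
  openssl x509 -req -in "$WORK/tomcat.csr" -CA "$WORK/cacert.pem" \
    -CAkey "$WORK/cakey.pem" -CAcreateserial -days 3650 \
    -out "$WORK/tomcat.pem" 2>/dev/null
  openssl x509 -in "$WORK/tomcat.pem" -out "$WORK/tomcat.crt" -outform DER
}

import_into_keystore() {  # Steps 5c and 6: trust the CA first, then the signed cert
  command -v keytool >/dev/null 2>&1 || return 0
  keytool -importcert -noprompt -trustcacerts -alias myPrivateCA \
    -file "$WORK/cacert.pem" -keystore "$WORK/.keystore" -storepass "$STOREPASS"
  # same alias as the key, so keytool attaches the reply to the private key
  keytool -importcert -noprompt -alias tomcat -file "$WORK/tomcat.crt" \
    -keystore "$WORK/.keystore" -storepass "$STOREPASS"
}

verify_chain() {  # does the server cert really chain to the private CA?
  openssl verify -CAfile "$WORK/cacert.pem" "$WORK/tomcat.pem" >/dev/null
}
```

Run the functions in order (make_ca, make_server_csr, sign_server_cert, import_into_keystore, verify_chain); a failing verify_chain means the client will see an untrusted certificate no matter what the channel config says.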