Macromedia Flash Server - RTMPS , selfsigned certificate


Author RTMPS , selfsigned certificate
Dario De Agostini

2006-01-23, 5:45 pm

Good morning all,

I've been playing (trying to) with an rtmps connection over FMS2 (dev edition).
I've been able to set up the server (adaptor xml, copying certificate,
giving private key, setting correct passphrase... etc etc).

My server should be accepting ssl connections now (since I have no more
errors on my edge log).

When my flash client tries to connect to fms (from standalone player or
browser) I'm being presented with the "your certificate cannot be
verified because it's not generated by a trusted CA...blabla".

Everything looks good!

Problem:
whether I locally install the certificate or not, I can't connect to fms.
It always generates the nc.onStatus event with
code=NetConnection.Connect.Failed

I have no log on fms, nothing on client (besides this status event).

what is happening ?

Thanks in advance
Dario De Agostini



=-----------------------------------------------------------
Supported by Fig Leaf Software - http://www.figleaf.com
=-----------------------------------------------------------

To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm

Edward Chan

2006-01-23, 5:45 pm

Server is probably doing the right thing and returning the certificate
that you have configured back to the client. Now the client needs to
authenticate it; i.e. (1) make sure the cert claims to be who you are
connecting to; so if you are connecting to foo.com but the cert says it
is from bar.com, then this is an obvious problem. (2) if the cert says
you are in fact connecting to who you think you are, i.e. foo.com, it
needs to further verify that it can in fact trust that this is foo.com.
So it needs to verify that the cert was signed by somebody it trusts (a
trusted CA such as Verisign). For this to happen, you need to have the
CA's cert on your client (usually it comes pre-shipped with Windows).
If you have generated these certs yourself, such as with OpenSSL, you'll
need to install the CA cert on your client.

Ed


Dario De Agostini

2006-01-23, 5:45 pm

Edward Chan wrote:
> Server is probably doing the right thing and returning the certificate
>

[...]
> For this to happen, you need to have the
> CA's cert on your client (usually it comes pre-shipped with Windows).
> If you have generated these certs yourself, such as with OpenSSL, you'll
> need to install the CA cert on your client.
>

Edward, you are my saviour!
It's exactly like you said. My problem was that I didn't install myself
as a valid C.Authority.
Thanks for the fast reply!

I'll play with ssl now
(fms2 has many improvements under the hood... congratulations... too bad
for the licensing tho :-P )

Dario De Agostini


jassy 4u

2006-01-23, 5:45 pm

Hi,
I have also been trying with RTMPS but could not do so. Can you please
guide me in detail on how I can achieve an RTMPS connection to FMS2?

thanks
jassy


Edward Chan

2006-01-23, 5:45 pm

Have you configured SSL on the server yet?


Dario De Agostini

2006-01-24, 2:45 am

jassy 4u wrote:
> Hi,
> I have also been trying with RTMPS but could not do so. Can you please
> guide me in detail on how I can achieve an RTMPS connection to FMS2?
>

Well... documentation is quite good this time :-)
I've followed steps written there and had only minor problems.

Anyway you just need to:
1) create a self signed certificate
2) edit fms.ini specifying that server has to listen to port -443 (port
443, with ssl handshaking)
3) edit conf/adaptor.xml adding path to the cert file, key file and
passphrase if needed
4) open the CA certificate file on your client, install the certificate.
5) connect to fms with protocol rtmps


have fun
(thanks again to Edward for the extremely useful post)


Dario De Agostini
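
The two client-side checks Edward describes (name match, then signature by a trusted CA) can be reproduced with OpenSSL before touching the Flash client. This is an added example, not part of the original thread or of the FMS documentation; the CA names and the hostnames `fms.example.test` and `bar.example.test` are constructed placeholders.

```shell
# Added example; every name below is a constructed placeholder.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca PREFIX CN: self-signed CA; PREFIX.crt is the file a client installs.
make_ca() {
  openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_server_cert CA_PREFIX HOSTNAME: server cert for HOSTNAME signed by that CA.
issue_server_cert() {
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$2" > "$WORK/san.ext"
  openssl x509 -req -in "$WORK/server.csr" -days 30 -CA "$WORK/$1.crt" \
    -CAkey "$WORK/$1.key" -CAcreateserial -extfile "$WORK/san.ext" \
    -out "$WORK/server.crt" 2>/dev/null
}

# Check (2) from the reply: is the cert signed by a CA in the client's trust file?
chain_trusted() {   # $1 = CA file the client trusts
  openssl verify -CAfile "$1" "$WORK/server.crt" >/dev/null 2>&1
}

# Check (1) from the reply: does the cert name the host being connected to?
name_matches() {    # $1 = hostname the client connects to
  openssl verify -CAfile "$WORK/lab.crt" -verify_hostname "$1" \
    "$WORK/server.crt" >/dev/null 2>&1
}

make_ca lab "Lab Test CA"        # the CA that signs the server cert
make_ca other "Unrelated CA"     # stands in for a client that lacks lab.crt
issue_server_cert lab fms.example.test
chain_trusted "$WORK/other.crt" || echo "lab CA not installed: chain rejected"
chain_trusted "$WORK/lab.crt"   && echo "lab CA installed: chain accepted"
name_matches fms.example.test   && echo "name matches: accepted"
name_matches bar.example.test   || echo "name mismatch: rejected"
```

In terms of the steps above, `lab.crt` plays the role of the CA certificate installed on the client in step 4, while `server.crt` and `server.key` are the files the adaptor configuration in step 3 would point at.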


jassy 4u

2006-01-24, 7:46 am

Thanks for your reply, I will try again and let you know

thanks
jassy


lti-1a8g-LMbKfuCQv7pBDgjK7y7TUQ@public.gmane.o

2006-02-23, 5:45 pm

Just wondering, does FMS2 natively support SSL connections?
The last time I tried and succeeded in establishing an SSL connection to
a FlashCom server, I had to use stunnel to build a bridge ...



_______________________________________________
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Dario De Agostini

2006-02-23, 5:45 pm

lti-1a8g-LMbKfuCQv7pBDgjK7y7TUQ@public.gmane.org wrote:
> Just wondering, does FMS2 natively support SSL connections?
> The last time I tried and succeeded in establishing an SSL connection
> to a FlashCom server, I had to use stunnel to build a bridge ...
>

With FMS you don't need stunnel.
SSL is supported.

Have fun
Dario De Agostini

lti-1a8g-LMbKfuCQv7pBDgjK7y7TUQ@public.gmane.o

2006-02-23, 5:45 pm

Great, that's at least one or two nights of sleep saved

Thanks.


Copyright 2003 - 2008 webservertalk.com