RTMPS , selfsigned certificate
    RTMPS , selfsigned certificate  
Dario De Agostini


01-23-06 10:45 PM

Good morning all,

I've been playing (trying to) with an RTMPS connection over FMS2 (dev edition).
I've been able to set up the server (adaptor xml, copying certificate,
giving private key, setting correct passphrase... etc etc).

My server should be accepting SSL connections now (since I have no more
errors in my edge log).

When my Flash client tries to connect to FMS (from standalone player or
browser) I'm being presented with the "your certificate cannot be
verified because it's not generated by a trusted CA...blabla".

Everything looks good!

Problem:
Whether I locally install the certificate or not, I can't connect to FMS.
It always generates the nc.onStatus event with
code=NetConnection.Connect.Failed

I have no log on FMS, nothing on the client (besides this status event).

What is happening?

Thanks in advance
Dario De Agostini



=-----------------------------------------------------------
Supported by Fig Leaf Software - http://www.figleaf.com
=-----------------------------------------------------------

To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm






    RE: RTMPS , selfsigned certificate  
Edward Chan


01-23-06 10:45 PM

Server is probably doing the right thing and returning the certificate
that you have configured back to the client.  Now the client needs to
authenticate it; i.e. (1) make sure the cert claims to be who you are
connecting to; so if you are connecting to foo.com but the cert says it
is from bar.com, then this is an obvious problem. (2) if the cert says
you are in fact connecting to who you think you are, i.e. foo.com, it
needs to further verify that it can in fact trust that this is foo.com.
So it needs to verify that the cert was signed by somebody it trusts (a
trusted CA such as Verisign).  For this to happen, you need to have the
CA's cert on your client (usually it comes pre-shipped with Windows).
If you have generated these certs yourself, such as with OpenSSL, you'll
need to install the CA cert on your client.

Ed

> -----Original Message-----
> From: flashcomm-bounces-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
> [mailto:flashcomm-bounces-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org] On Behalf Of
> Dario De Agostini
> Sent: Monday, January 23, 2006 7:18 AM
> To: FlashComm Mailing List
> Subject: [FlashComm] RTMPS , selfsigned certificate
>
> Good morning all,
>
> I've been playing (trying to) with an RTMPS connection over FMS2
> (dev edition).
> I've been able to set up the server (adaptor xml, copying
> certificate, giving private key, setting correct
> passphrase... etc etc).
>
> My server should be accepting SSL connections now (since I
> have no more errors in my edge log).
>
> When my Flash client tries to connect to FMS (from standalone
> player or
> browser) I'm being presented with the "your certificate
> cannot be verified because it's not generated by a trusted
> CA...blabla".
>
> Everything looks good!
>
> Problem:
> Whether I locally install the certificate or not, I can't
> connect to FMS.
> It always generates the nc.onStatus event with
> code=NetConnection.Connect.Failed
>
> I have no log on FMS, nothing on the client (besides this status event).
>
> What is happening?
>
> Thanks in advance
> Dario De Agostini



    Re: RTMPS , selfsigned certificate  
Dario De Agostini


01-23-06 10:45 PM

Edward Chan wrote:
> Server is probably doing the right thing and returning the certificate
>
[...]
>  For this to happen, you need to have the
> CA's cert on your client (usually it comes pre-shipped with Windows).
> If you have generated these certs yourself, such as with OpenSSL, you'll
> need to install the CA cert on your client.
>
Edward, you are my saviour!
It's exactly like you said. My problem was that I didn't install myself
as a valid C.Authority.
Thanks for the fast reply!

I'll play with SSL now
(FMS2 has many improvements under the hood... congratulations... too bad
for the licensing tho :-P )

Dario De Agostini




    Re: RTMPS , selfsigned certificate  
jassy 4u


01-23-06 10:45 PM

Hi,
I have also been trying with RTMPS but could not do so. Can you please
guide me in detail on how I can achieve an RTMPS connection to FMS2?

thanks
jassy

On 1/23/06, Dario De Agostini <dario-GCN6p6BpY0//wltNWqQaag@public.gmane.org> wrote:
> Edward Chan wrote:
> [...]
> Edward, you are my saviour!
> It's exactly like you said. My problem was that I didn't install myself
> as a valid C.Authority.
> Thanks for the fast reply!
>
> I'll play with SSL now
> (FMS2 has many improvements under the hood... congratulations... too bad
> for the licensing tho :-P )
>
> Dario De Agostini



    RE: RTMPS , selfsigned certificate  
Edward Chan


01-23-06 10:45 PM

Have you configured SSL on the server yet?

> -----Original Message-----
> From: flashcomm-bounces-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
> [mailto:flashcomm-bounces-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org] On Behalf Of jassy 4u
> Sent: Monday, January 23, 2006 9:44 AM
> To: FlashComm Mailing List
> Subject: Re: [FlashComm] RTMPS , selfsigned certificate
>
> Hi,
> I have also been trying with RTMPS but could not do so. Can you
> please guide me in detail on how I can achieve an RTMPS connection to FMS2?
>
> thanks
> jassy



    Re: RTMPS , selfsigned certificate  
Dario De Agostini


01-24-06 07:45 AM

jassy 4u wrote:
> Hi,
> I have also been trying with RTMPS but could not do so. Can you please
> guide me in detail on how I can achieve an RTMPS connection to FMS2?
>
Well... documentation is quite good this time :-)
I've followed the steps written there and had only minor problems.

Anyway you just need to:
1) create a self-signed certificate
2) edit fms.ini specifying that the server has to listen on port -443 (port
443, with SSL handshaking)
3) edit conf/adaptor.xml adding the path to the cert file, key file and
passphrase if needed
4) open the CA certificate file on your client, install the certificate.
5) connect to FMS with protocol rtmps


Have fun
(thanks again to Edward for the extremely useful post)


Dario De Agostini
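
Added example, not part of the thread: Edward Chan's two client-side checks and steps 1 and 4 of the list above, worked through with the OpenSSL command line. The CA names and host names are constructed, keys are left unencrypted (`-nodes`) for brevity, and the FMS configuration itself is not shown.

```shell
#!/bin/sh
# Private CA + server certificate, then the checks a verifying client performs.
# Constructed names: "Example Test CA", "Unrelated Test CA", *.example.test
WORK=$(mktemp -d); CNF="$WORK/pki.cnf"; trap 'rm -rf "$WORK"' EXIT
cat > "$CNF" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

new_ca() {            # $1 = file prefix, $2 = CA common name
  openssl req -x509 -config "$CNF" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_server_cert() { # $1 = CA prefix, $2 = server prefix, $3 = hostname
  openssl req -config "$CNF" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$3" > "$2.ext"
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 30 -extfile "$2.ext" -out "$2.crt" 2>/dev/null
}

# Build a chain from the server cert to the installed trust anchor and
# match the name the client dialled against the names in the certificate.
client_check() {      # $1 = installed CA cert, $2 = server cert, $3 = hostname
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

new_ca "$WORK/ca" "Example Test CA"
new_ca "$WORK/other" "Unrelated Test CA"  # stands in for a client lacking our CA
issue_server_cert "$WORK/ca" "$WORK/server" fms.example.test

for c in "ca fms.example.test" "other fms.example.test" "ca bar.example.test"; do
  set -- $c
  if client_check "$WORK/$1.crt" "$WORK/server.crt" "$2"
  then echo "anchor=$1 host=$2 -> accepted"
  else echo "anchor=$1 host=$2 -> rejected"
  fi
done
```

Only the first case is accepted: with the unrelated anchor the chain cannot be built, and with bar.example.test the name match fails even though the chain is trusted.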




    Re: RTMPS , selfsigned certificate  
jassy 4u


01-24-06 12:46 PM

Thanks for your reply, I will try again and let you know

thanks
jassy

On 1/24/06, Dario De Agostini <dario-GCN6p6BpY0//wltNWqQaag@public.gmane.org> wrote:
> jassy 4u wrote:
> Well... documentation is quite good this time :-)
> I've followed the steps written there and had only minor problems.
>
> Anyway you just need to:
> 1) create a self-signed certificate
> 2) edit fms.ini specifying that the server has to listen on port -443 (port
> 443, with SSL handshaking)
> 3) edit conf/adaptor.xml adding the path to the cert file, key file and
> passphrase if needed
> 4) open the CA certificate file on your client, install the certificate.
> 5) connect to FMS with protocol rtmps
>
>
> Have fun
> (thanks again to Edward for the extremely useful post)
>
>
> Dario De Agostini



    Re: RTMPS , selfsigned certificate  
lti-1a8g-LMbKfuCQv7pBDgjK7y7TUQ@public.gmane.o


02-23-06 10:45 PM

Just wondering, does FMS2 natively support SSL connections?
The last time I tried and succeeded in establishing an SSL connection to
a FlashCom server, I had to use stunnel to build a bridge ...


jassy 4u wrote:

>Thanks for your reply, I will try again and let you know
>
>thanks
>jassy
>



    Re: RTMPS , selfsigned certificate  
Dario De Agostini


02-23-06 10:45 PM

lti-1a8g-LMbKfuCQv7pBDgjK7y7TUQ@public.gmane.org wrote:
> Just wondering, does FMS2 natively support SSL connections?
> The last time I tried and succeeded in establishing an SSL connection
> to a FlashCom server, I had to use stunnel to build a bridge ...
>
With FMS you don't need stunnel.
SSL is supported.

Have fun 
Dario De Agostini



    Re: RTMPS , selfsigned certificate  
lti-1a8g-LMbKfuCQv7pBDgjK7y7TUQ@public.gmane.o


02-23-06 10:45 PM

Great, that's at least one or two nights of sleep saved 

Thanks.

Dario De Agostini wrote:

> lti-1a8g-LMbKfuCQv7pBDgjK7y7TUQ@public.gmane.org wrote:
> 
> with FMS you don't need stunnel.
> ssl is supported.
>
> Have fun 
> Dario De Agostini