you told the browser that you trust your own cert, BUT Java on the server still don't believe your cert is trusted.
My steps are: I have created my own CA (self signed) Add this CA to the trusted CA of the browsers Add this CA to /opt/jdk/jre/lib/security/cacerts sign my self signed cert using this CA everything works On Thu, Feb 26, 2015 at 5:23 AM, OpenAr-IT Soluciones <opena...@gmail.com> wrote: > Thank you for the info but still no luck, I don't understand why SSL works > just fine but RTMPS doesn't. > > Regards, > > On Wed, Feb 25, 2015 at 5:33 PM, Lionel Djeukam <lio.djoma...@gmail.com> > wrote: > >> Hello all, >> >> for me it worked after adding my self-Signed Certificate as Trusted CA >> for my System (I used a windows 7/8.1 Client). >> To make this i just export my certificate from the start-page of AOM and >> then made the following: >> >> - Right click on the certificate >> - Choose Install >> - Choose the option to install the certificate in a specific directory >> - Navigate and select the second one. (Trusted CA) >> - You should receive a pop up asking you to validate the process. >> >> The steps above worked perfectly for all windows machines. >> Under Ubuntu i made the same, by following this: >> http://blog.tkassembled.com/410/adding-a-certificate-authority-to-the-trusted-list-in-ubuntu/ >> .But there is still the same mistake. >> >> Actually i didn't used JVM at all. >> >> >> 2015-02-25 19:43 GMT+01:00 OpenAr-IT Soluciones <opena...@gmail.com>: >> >>> Hi Maxim, >>> >>> Sorry but I still don't get it. I've got the keystore/truststore in conf >>> directory (directory created when unzipping apache-openmeetings-3.0.4.zip) >>> and configured in red5.properties. Where can I find the JVM own >>> keystore/truststore? Do you mean the cacerts found in java/lib/security? >>> >>> Thanks, >>> >>> On Wed, Feb 25, 2015 at 1:02 AM, Maxim Solodovnik <solomax...@gmail.com> >>> wrote: >>> >>>> your server JVM has its own keystore/truststore >>>> you need to add your certificate into it >>>> >>>> On Wed, Feb 25, 2015 at 12:45 AM, OpenAr-IT Soluciones < >>>> opena...@gmail.com> wrote: >>>> >>>>> Hi Maxim, what do you mean by "you need to add your certificate to the >>>>> trusted certificates of your server JVM"?. I have the same issue as >>>>> Lionel. >>>>> >>>>> Lionel, what did you do exactly? >>>>> >>>>> >>>>> Thanks in advance. >>>>> >>>>> >>>>> >>>>> On Wed, Feb 4, 2015 at 1:45 PM, Maxim Solodovnik <solomax...@gmail.com >>>>> > wrote: >>>>> >>>>>> you need to add your certificate to the trusted certificates of your >>>>>> server JVM >>>>>> >>>>>> On Wed, Feb 4, 2015 at 10:40 PM, Lionel Djeukam < >>>>>> lio.djoma...@gmail.com> wrote: >>>>>> >>>>>>> Ok, that's what i observed: >>>>>>> First of all, my certificate was added as expected in the trusted >>>>>>> list on the server side, therefore the following lines: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> *"adding as trusted cert: Subject: CN=139.6.237.96, >>>>>>> OU=Informationssicherheit, O=FH-Koeln, L=Koeln, ST=NRW, C=DE Issuer: >>>>>>> CN=139.6.237.96, OU=Informationssicherheit, O=FH-Koeln, L=Koeln, ST=NRW, >>>>>>> C=DE Algorithm: RSA; Serial number: 0x21787fbf Valid from Wed Feb 04 >>>>>>> 15:06:08 CET 2015 until Sat Jan 30 15:06:08 CET 201*6 >>>>>>> ... >>>>>>> ... " >>>>>>> >>>>>>> Second, during the TLS-Handshake, it seems like there is a problem >>>>>>> with my certificate on the client side >>>>>>> which followed to a fatal error: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> *"NioProcessor-21, READ: TLSv1 Alert, length = 2NioProcessor-21, >>>>>>> RECV TLSv1 ALERT: fatal, bad_certificateNioProcessor-21, fatal: engine >>>>>>> already closed. Rethrowing javax.net.ssl.SSLException: Received fatal >>>>>>> alert: bad_certificateNioProcessor-21, fatal: engine already closed. >>>>>>> Rethrowing javax.net.ssl.SSLException: Received fatal alert: >>>>>>> bad_certificate"* >>>>>>> >>>>>>> Should i do anythings else than just add an exception for my >>>>>>> certificate on the client side? >>>>>>> >>>>>>> >>>>>>> 2015-02-04 17:18 GMT+01:00 Maxim Solodovnik <solomax...@gmail.com>: >>>>>>> >>>>>>>> not sure what is wrong :(( >>>>>>>> >>>>>>>> you need to call >>>>>>>> sudo /etc/init.d/red5 stop >>>>>>>> >>>>>>>> then open ./red5-debug.sh add -Djavax.net.debug=all to the >>>>>>>> JAVA_OPTS >>>>>>>> then start ./red5-debug.sh from the console >>>>>>>> >>>>>>>> On Wed, Feb 4, 2015 at 10:09 PM, Lionel Djeukam < >>>>>>>> lio.djoma...@gmail.com> wrote: >>>>>>>> >>>>>>>>> That's realy strange because i did exactly what is content there: >>>>>>>>> http://openmeetings.apache.org/RTMPSAndHTTPS.html >>>>>>>>> >>>>>>>>> The only thing i did not make is to close the port 1935. Is it >>>>>>>>> mandotory? Should i just comment his line in the file red5.properties? >>>>>>>>> >>>>>>>>> A part from that i made what you adviced in the last mail. I >>>>>>>>> started the server as follow: >>>>>>>>> sudo /etc/init.d/red5 start -Djavax.net.debug=all >>>>>>>>> >>>>>>>>> and by executing "./red5-debug.sh" it does act as a normal >>>>>>>>> command, since i could not observe what append when trying to enter >>>>>>>>> to the >>>>>>>>> room >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> 2015-02-04 16:44 GMT+01:00 Maxim Solodovnik <solomax...@gmail.com> >>>>>>>>> : >>>>>>>>> >>>>>>>>>> It seems like you set up HTTPS but not RTMPS :( >>>>>>>>>> can you start red5 manually with this additional option: >>>>>>>>>> *-Djavax.net.debug=all* >>>>>>>>>> >>>>>>>>>> *then run ./red5-debug.sh and check the console while entering >>>>>>>>>> the room* >>>>>>>>>> >>>>>>>>>> On Wed, Feb 4, 2015 at 9:39 PM, Lionel Djeukam < >>>>>>>>>> lio.djoma...@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> Hello, >>>>>>>>>>> i think i enjoyed to early :( >>>>>>>>>>> After configuring the server for HTTPs and RTMPs, i could finaly >>>>>>>>>>> connect to the https-page of my server. Then when a lauch a >>>>>>>>>>> conference, i >>>>>>>>>>> became the three mistakes in the subject field of this mail. >>>>>>>>>>> >>>>>>>>>>> I already had exeption to my Browser to recognise the >>>>>>>>>>> certificate as trusted-part. >>>>>>>>>>> >>>>>>>>>>> What could i do now? >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Master Student Communication systems and Network >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> WBR >>>>>>>>>> Maxim aka solomax >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> WBR >>>>>>>> Maxim aka solomax >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> WBR >>>>>> Maxim aka solomax >>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> WBR >>>> Maxim aka solomax >>>> >>> >>> >> >> >> -- >> Lionel >> > > -- WBR Maxim aka solomax
