Hello Christian,

>> I want to proxy the web interface through apache (with SSL). This is
>> working. I can remotely access OM.

Would you be kind enough to share the Apache SSL configuration? We are facing issues in connecting through “proxy HTTPS + OM HTTP”. We are using a different proxy server, but can learn from your Apache configuration to adapt to our proxy.

How is your configuration different from this:
http://mail-archives.apache.org/mod_mbox/openmeetings-user/201805.mbox/%3Ctrinity-46cc4ce2-542c-4f5a-872b-ae86bbb100c4-1526140744656@3c-app-mailcom-bs02%3E?

Thank you.

Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>

-----Original Message-----
From: Maxim Solodovnik [mailto:solomax...@gmail.com]
Sent: Tuesday, July 17, 2018 9:19 AM
To: Openmeetings user-list <user@openmeetings.apache.org>
Subject: Re: Problems with certificates with RMTPS

I'm afraid in case of a fully secured proxied configuration you need to use RTMPTS (tunneled secured RTMP).
An example of RTMPT config can be found in the mail archives, for ex. here: https://markmail.org/message/l7oltgy74zxo2pjc

On Tue, Jul 17, 2018 at 8:31 PM Christian Wolf <christianlu...@gmx.de <mailto:christianlu...@gmx.de> > wrote:
>
> Dear community,
>
> I have a strange behavior with my installation of OM. I want to proxy
> the web interface through apache (with SSL). This is working. I can
> remotely access OM. All right.
>
> Now I want RTMP to be encrypted as well. Here I created another
> certificate from Let's Encrypt (LE) just for the RTMPS purpose. The
> common name (CN) is simply the host name just like e.g. for the https
> server.
>
> Then I wanted to adapt the configuration of OM accordingly. This is
> set up that I enabled in <OM>/conf/red5-core.conf the corresponding
> section, added in the global configuration (web frontend)
> flash.secure=true and flash.secure.proxy=best. I added the keys to the
> keystore exactly as in
> https://markmail.org/message/j4gx2q6woidyqj7l#query:+page:1+mid:ik4qdhdychl364bp+state:results
> as far as I can tell. I tried the network test of OM and still get a
> red cross for the RTMP(S) port when using Firefox.
>
> A sniff with wireshark shows that the client connects to port 8443 as
> intended and an SSL session is started. The server sends the
> certificates I gave plus the intermediate certificate from LE. It does
> not send the root certificate. I do not know if this is right or wrong.
> Nevertheless, the client seems to refuse the certificate and shuts
> down the SSL connection with the reason "Unknown CA". This happens
> instantly after the server sent its certificate chain.
>
> When looking into this it looks as if Chrome seemed to accept the
> certificate. I know that Chrome does many things "differently", thus
> it is possible that everything is a problem of my local configuration
> within Firefox/OS.
> When trying the connection with `openssl s_client ...` I can
> successfully connect and verify the certificate chain. Thus in general
> it seems to work.
>
> My interpretation is that the (flash) client refuses the LE root
> certificate for some reason and terminates the connection due to
> security concerns.
>
> Is my interpretation correct? How can I overcome this?
>
> Thank you and cheers
> Christian
>
> --
> Kind regards
> Christian Wolf

--
WBR
Maxim aka solomax
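
The situation described in the thread (the server sends the leaf and the intermediate but not the root, one client answers "Unknown CA" while `openssl s_client` verifies the chain) can be reproduced offline. The script below is an added example, not part of any message in the thread: it builds a constructed root, intermediate and leaf with the `openssl` CLI and verifies the same chain against different trust stores. The certificate names and the helpers `build_chain` and `chain_ok` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example with constructed data: a throwaway root -> intermediate -> leaf
# chain, verified against different trust stores. All names are made up.

build_chain() {  # $1 = directory to write keys and certificates into
  d="$1"
  # Extensions that mark the intermediate as a CA
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  # Two self-signed roots: the chain's real root and an unrelated one
  for r in root other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo $r CA" \
      -keyout "$d/$r.key" -out "$d/$r.pem" 2>/dev/null
  done
  # Intermediate signed by the root
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  # Server (leaf) certificate signed by the intermediate
  openssl req -newkey rsa:2048 -nodes -subj "/CN=om.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# chain_ok TRUSTED_ROOTS LEAF [SENT_INTERMEDIATES]: exit status 0 if a path
# from LEAF to a certificate in TRUSTED_ROOTS can be built.
chain_ok() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

work=$(mktemp -d)
build_chain "$work"
for store in root other; do
  if chain_ok "$work/$store.pem" "$work/leaf.pem" "$work/int.pem"; then
    echo "client trusting '$store': chain verifies (root was never sent)"
  else
    echo "client trusting '$store': no path to a trusted root"
  fi
done
```

The same leaf and intermediate pass or fail depending only on which roots the verifying side trusts, which is why two clients can disagree about one server.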