Dear Maxim,

On 18.07.2018 at 12:40, Maxim Solodovnik wrote:
> just re-read your initial email (haven't practiced English for a long
> time, hard to read very long emails :(( )
>
> Have you added the full certificate chain to both the keystore and truststore of red5?

As far as I can tell, yes, there are chains in the keystore. The truststore is a simple copy of the keystore at the moment.

I tried to verify with the following command (in one line):

$ openssl s_client -connect www2.wolf-stuttgart.net:8443 -showcerts -CApath /etc/ssl/certs/ < /dev/null

This says that the certificate could be successfully verified. I thus assume this is running all right.

Now I tried 2 browsers, Firefox and Chrome, to navigate to https://www2.wolf-stuttgart.net/openmeetings/hash?swf=network.

Firefox
-------
The second port symbol (RTMP connection) is a red cross.

Investigation with a network sniffer led to the problem that the client refuses/does not find the CA of the cert and closes down the connection.

Chrome
------
The symbol is green as desired.

The handshake of the client/server pair is visible. After that the connection is encrypted and only binary "random" data is transmitted that cannot be read (as desired) in a sniff.

Cheers
Christian
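
Added example, not part of the message above or of the Red5/OpenMeetings code: an offline check of whether a certificate bundle, as a server would send it, is complete for a client that trusts only the root CA, which is what the "full certificate chain" question is about. The certificates, file names, CN values and the function names `make_constructed_chain` and `chain_complete` are constructed for illustration.

```shell
#!/bin/sh
# Added example: every key and certificate here is constructed test data.

# Build root -> intermediate -> leaf in directory $1 (throwaway keys, 1 day).
make_constructed_chain() {
    (
        cd "$1" &&
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Root CA" -keyout root.key -out root.pem &&
        printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext &&
        openssl req -newkey rsa:2048 -nodes \
            -subj "/CN=Constructed Intermediate CA" \
            -keyout int.key -out int.csr &&
        openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
            -CAcreateserial -extfile ca.ext -days 1 -out int.pem &&
        openssl req -newkey rsa:2048 -nodes \
            -subj "/CN=server.example.test" \
            -keyout leaf.key -out leaf.csr &&
        openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key \
            -CAcreateserial -days 1 -out leaf.pem &&
        # Two things a server could present: the leaf alone, or leaf + intermediate.
        cp leaf.pem sent_leaf_only.pem &&
        cat leaf.pem int.pem > sent_full_chain.pem
    ) >/dev/null 2>&1
}

# Succeeds only if the first certificate in bundle $2 (the leaf) chains to the
# root in $1, with the bundle's own certificates offered as intermediates.
# openssl verify checks the first certificate of the file it is given.
chain_complete() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Demonstration on the constructed chain.
dir=$(mktemp -d)
if make_constructed_chain "$dir"; then
    for bundle in sent_leaf_only.pem sent_full_chain.pem; do
        if chain_complete "$dir/root.pem" "$dir/$bundle"; then
            echo "$bundle: verifies for a client that holds only the root"
        else
            echo "$bundle: incomplete, client must already know the intermediate"
        fi
    done
fi
```

To apply the check to a live listener, save the PEM blocks printed by `-showcerts` into one file and pass it as the second argument, with the issuing root certificate as the first.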
