[flexcoders] Re: Self Signed Cert. For Secure SecureRTMPChannel
Tried that, still getting NetConnection.Connect.CertificateUntrustedSigner. I also tried putting the cert in firefox but that didn't work either. Where exactly is Flex looking for the cert chain? Has anyone used a self signed cert for SecureRTMP? If so, a quick step by step post would really really be appreciated. Thank you, -Vito --- In flexcoders@yahoogroups.com, Doug Lowder [EMAIL PROTECTED] wrote: See if you have a keystore named cacerts under your Java installation folder, and if so add the key to that keystore as well. --- In flexcoders@yahoogroups.com, vitopn vitopn@ wrote: Hi Doug, I'm fairly certain that the self-signed cert is in the keystore. (Doesn't keytool -genkey .. store the newly generated cert in the keystore?) I am doing a list and the flex2cert is in there. C:\Documents and Settings\vitopnkeytool -list -keystore C:\Tomcat\webapps\Presidio\WEB-INF\flex\.keystore Enter keystore password: changeit Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries tomcat, Feb 8, 2007, keyEntry, Certificate fingerprint (MD5): FB:13:46:DE:C5:F9:BA:F7:D0:57:95:58:D5:AA:80:4F flex2cert, Feb 8, 2007, keyEntry, Certificate fingerprint (MD5): B5:8D:4C:DD:01:9B:09:01:3E:88:B9:90:4D:8F:70:6C Any other thoughts? Thank you, -Vito --- In flexcoders@yahoogroups.com, Doug Lowder douglowder@ wrote: Looks like you didn't add the self-signed certificate to the keystore. Check out the keytool -import command. http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comman\ ds http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comma\ nds http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html#Comma\ nds --- In flexcoders@yahoogroups.com, vitopn vitopn@ wrote: What steps do I need to take to get a self signed certificate to work with SecureRTMPChannel? I generate the keystore file with something like this: keytool -genkey -alias flex2cert -dname CN=localhost, OU=Presidio, O=Presidio, L=San Francisco, S=California, C=CA -validity 3650 and configure the channel like this: channel-definition id=secureRTMP class=mx.messaging.channels.SecureRTMPChannel endpoint uri=rtmps://localhost:2099 class=flex.messaging.endpoints.SecureRTMPEndpoint / properties idle-timeout-minutes20/idle-timeout-minutes keystore-fileC:/Tomcat/webapps/Presidio/WEB-INF/flex/.keystore/keysto\ re-file keystore-passwordchangeit/keystore-password /properties /channel-definition The server starts and I see this in the console: [Flex][INFO] Endpoint secureRTMP created with security: None at URI: rtmps://localhost:2099 [Flex][WARN] The current license does not support clustering; clustering for all destinations is disabled. [Flex][INFO] RTMPS-Server listening on port:2099 [Flex][DEBUG] Created worker thread: RTMPS-Worker-0 [Flex][DEBUG] Created worker thread: RTMPS-Worker-1 [Flex][DEBUG] Created worker thread: RTMPS-Worker-2 [Flex][DEBUG] Created worker thread: RTMPS-Worker-3 When I try to connect I get this: 'secureRTMP' channel got status. (Object)#0 code = NetConnection.Connect.CertificateUntrustedSigner level = status Thank you, -Vito
[flexcoders] Re: Self Signed Cert. For Secure SecureRTMPChannel
After a lot of struggling I finally got rtmps and https channels working with self signed certificates (using openssl as a personal certificate authority) see this post http://www.adobe.com/cfusion/webforums/forum/messageview.cfm?catid=583threadid=1242192 Doug, Thank you for your help. The cacerts tip was key. Cheers, -Vito --- In flexcoders@yahoogroups.com, vitopn [EMAIL PROTECTED] wrote: Tried that, still getting NetConnection.Connect.CertificateUntrustedSigner. I also tried putting the cert in firefox but that didn't work either. Where exactly is Flex looking for the cert chain? Has anyone used a self signed cert for SecureRTMP? If so, a quick step by step post would really really be appreciated. Thank you, -Vito --- In flexcoders@yahoogroups.com, Doug Lowder douglowder@ wrote: See if you have a keystore named cacerts under your Java installation folder, and if so add the key to that keystore as well. --- In flexcoders@yahoogroups.com, vitopn vitopn@ wrote: Hi Doug, I'm fairly certain that the self-signed cert is in the keystore. (Doesn't keytool -genkey .. store the newly generated cert in the keystore?) I am doing a list and the flex2cert is in there. C:\Documents and Settings\vitopnkeytool -list -keystore C:\Tomcat\webapps\Presidio\WEB-INF\flex\.keystore Enter keystore password: changeit Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries tomcat, Feb 8, 2007, keyEntry, Certificate fingerprint (MD5): FB:13:46:DE:C5:F9:BA:F7:D0:57:95:58:D5:AA:80:4F flex2cert, Feb 8, 2007, keyEntry, Certificate fingerprint (MD5): B5:8D:4C:DD:01:9B:09:01:3E:88:B9:90:4D:8F:70:6C Any other thoughts? Thank you, -Vito --- In flexcoders@yahoogroups.com, Doug Lowder douglowder@ wrote: Looks like you didn't add the self-signed certificate to the keystore. Check out the keytool -import command. http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comman\ ds http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comma\ nds http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html#Comma\ nds --- In flexcoders@yahoogroups.com, vitopn vitopn@ wrote: What steps do I need to take to get a self signed certificate to work with SecureRTMPChannel? I generate the keystore file with something like this: keytool -genkey -alias flex2cert -dname CN=localhost, OU=Presidio, O=Presidio, L=San Francisco, S=California, C=CA -validity 3650 and configure the channel like this: channel-definition id=secureRTMP class=mx.messaging.channels.SecureRTMPChannel endpoint uri=rtmps://localhost:2099 class=flex.messaging.endpoints.SecureRTMPEndpoint / properties idle-timeout-minutes20/idle-timeout-minutes keystore-fileC:/Tomcat/webapps/Presidio/WEB-INF/flex/.keystore/keysto\ re-file keystore-passwordchangeit/keystore-password /properties /channel-definition The server starts and I see this in the console: [Flex][INFO] Endpoint secureRTMP created with security: None at URI: rtmps://localhost:2099 [Flex][WARN] The current license does not support clustering; clustering for all destinations is disabled. [Flex][INFO] RTMPS-Server listening on port:2099 [Flex][DEBUG] Created worker thread: RTMPS-Worker-0 [Flex][DEBUG] Created worker thread: RTMPS-Worker-1 [Flex][DEBUG] Created worker thread: RTMPS-Worker-2 [Flex][DEBUG] Created worker thread: RTMPS-Worker-3 When I try to connect I get this: 'secureRTMP' channel got status. (Object)#0 code = NetConnection.Connect.CertificateUntrustedSigner level = status Thank you, -Vito
[flexcoders] Re: Self Signed Cert. For Secure SecureRTMPChannel
See if you have a keystore named cacerts under your Java installation folder, and if so add the key to that keystore as well. --- In flexcoders@yahoogroups.com, vitopn [EMAIL PROTECTED] wrote: Hi Doug, I'm fairly certain that the self-signed cert is in the keystore. (Doesn't keytool -genkey .. store the newly generated cert in the keystore?) I am doing a list and the flex2cert is in there. C:\Documents and Settings\vitopnkeytool -list -keystore C:\Tomcat\webapps\Presidio\WEB-INF\flex\.keystore Enter keystore password: changeit Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries tomcat, Feb 8, 2007, keyEntry, Certificate fingerprint (MD5): FB:13:46:DE:C5:F9:BA:F7:D0:57:95:58:D5:AA:80:4F flex2cert, Feb 8, 2007, keyEntry, Certificate fingerprint (MD5): B5:8D:4C:DD:01:9B:09:01:3E:88:B9:90:4D:8F:70:6C Any other thoughts? Thank you, -Vito --- In flexcoders@yahoogroups.com, Doug Lowder douglowder@ wrote: Looks like you didn't add the self-signed certificate to the keystore. Check out the keytool -import command. http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comman\ ds http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comma\ nds http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html#Comma\ nds --- In flexcoders@yahoogroups.com, vitopn vitopn@ wrote: What steps do I need to take to get a self signed certificate to work with SecureRTMPChannel? I generate the keystore file with something like this: keytool -genkey -alias flex2cert -dname CN=localhost, OU=Presidio, O=Presidio, L=San Francisco, S=California, C=CA -validity 3650 and configure the channel like this: channel-definition id=secureRTMP class=mx.messaging.channels.SecureRTMPChannel endpoint uri=rtmps://localhost:2099 class=flex.messaging.endpoints.SecureRTMPEndpoint / properties idle-timeout-minutes20/idle-timeout-minutes keystore-fileC:/Tomcat/webapps/Presidio/WEB-INF/flex/.keystore/keysto\ re-file keystore-passwordchangeit/keystore-password /properties /channel-definition The server starts and I see this in the console: [Flex][INFO] Endpoint secureRTMP created with security: None at URI: rtmps://localhost:2099 [Flex][WARN] The current license does not support clustering; clustering for all destinations is disabled. [Flex][INFO] RTMPS-Server listening on port:2099 [Flex][DEBUG] Created worker thread: RTMPS-Worker-0 [Flex][DEBUG] Created worker thread: RTMPS-Worker-1 [Flex][DEBUG] Created worker thread: RTMPS-Worker-2 [Flex][DEBUG] Created worker thread: RTMPS-Worker-3 When I try to connect I get this: 'secureRTMP' channel got status. (Object)#0 code = NetConnection.Connect.CertificateUntrustedSigner level = status Thank you, -Vito
[flexcoders] Re: Self Signed Cert. For Secure SecureRTMPChannel
Looks like you didn't add the self-signed certificate to the keystore. Check out the keytool -import command. http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comman\ ds http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comma\ nds http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html#Comma\ nds --- In flexcoders@yahoogroups.com, vitopn [EMAIL PROTECTED] wrote: What steps do I need to take to get a self signed certificate to work with SecureRTMPChannel? I generate the keystore file with something like this: keytool -genkey -alias flex2cert -dname CN=localhost, OU=Presidio, O=Presidio, L=San Francisco, S=California, C=CA -validity 3650 and configure the channel like this: channel-definition id=secureRTMP class=mx.messaging.channels.SecureRTMPChannel endpoint uri=rtmps://localhost:2099 class=flex.messaging.endpoints.SecureRTMPEndpoint / properties idle-timeout-minutes20/idle-timeout-minutes keystore-fileC:/Tomcat/webapps/Presidio/WEB-INF/flex/.keystore/keysto\ re-file keystore-passwordchangeit/keystore-password /properties /channel-definition The server starts and I see this in the console: [Flex][INFO] Endpoint secureRTMP created with security: None at URI: rtmps://localhost:2099 [Flex][WARN] The current license does not support clustering; clustering for all destinations is disabled. [Flex][INFO] RTMPS-Server listening on port:2099 [Flex][DEBUG] Created worker thread: RTMPS-Worker-0 [Flex][DEBUG] Created worker thread: RTMPS-Worker-1 [Flex][DEBUG] Created worker thread: RTMPS-Worker-2 [Flex][DEBUG] Created worker thread: RTMPS-Worker-3 When I try to connect I get this: 'secureRTMP' channel got status. (Object)#0 code = NetConnection.Connect.CertificateUntrustedSigner level = status Thank you, -Vito
[flexcoders] Re: Self Signed Cert. For Secure SecureRTMPChannel
Hi Doug, I'm fairly certain that the self-signed cert is in the keystore. (Doesn't keytool -genkey .. store the newly generated cert in the keystore?) I am doing a list and the flex2cert is in there. C:\Documents and Settings\vitopnkeytool -list -keystore C:\Tomcat\webapps\Presidio\WEB-INF\flex\.keystore Enter keystore password: changeit Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries tomcat, Feb 8, 2007, keyEntry, Certificate fingerprint (MD5): FB:13:46:DE:C5:F9:BA:F7:D0:57:95:58:D5:AA:80:4F flex2cert, Feb 8, 2007, keyEntry, Certificate fingerprint (MD5): B5:8D:4C:DD:01:9B:09:01:3E:88:B9:90:4D:8F:70:6C Any other thoughts? Thank you, -Vito --- In flexcoders@yahoogroups.com, Doug Lowder [EMAIL PROTECTED] wrote: Looks like you didn't add the self-signed certificate to the keystore. Check out the keytool -import command. http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comman\ ds http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comma\ nds http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html#Comma\ nds --- In flexcoders@yahoogroups.com, vitopn vitopn@ wrote: What steps do I need to take to get a self signed certificate to work with SecureRTMPChannel? I generate the keystore file with something like this: keytool -genkey -alias flex2cert -dname CN=localhost, OU=Presidio, O=Presidio, L=San Francisco, S=California, C=CA -validity 3650 and configure the channel like this: channel-definition id=secureRTMP class=mx.messaging.channels.SecureRTMPChannel endpoint uri=rtmps://localhost:2099 class=flex.messaging.endpoints.SecureRTMPEndpoint / properties idle-timeout-minutes20/idle-timeout-minutes keystore-fileC:/Tomcat/webapps/Presidio/WEB-INF/flex/.keystore/keysto\ re-file keystore-passwordchangeit/keystore-password /properties /channel-definition The server starts and I see this in the console: [Flex][INFO] Endpoint secureRTMP created with security: None at URI: rtmps://localhost:2099 [Flex][WARN] The current license does not support clustering; clustering for all destinations is disabled. [Flex][INFO] RTMPS-Server listening on port:2099 [Flex][DEBUG] Created worker thread: RTMPS-Worker-0 [Flex][DEBUG] Created worker thread: RTMPS-Worker-1 [Flex][DEBUG] Created worker thread: RTMPS-Worker-2 [Flex][DEBUG] Created worker thread: RTMPS-Worker-3 When I try to connect I get this: 'secureRTMP' channel got status. (Object)#0 code = NetConnection.Connect.CertificateUntrustedSigner level = status Thank you, -Vito