[
https://issues.apache.org/jira/browse/OPENMEETINGS-2601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17309008#comment-17309008
]
ASF subversion and git services commented on OPENMEETINGS-2601:
---------------------------------------------------------------
Commit 31efc23b0ffe61155de884ab172b977ade65028b in openmeetings's branch
refs/heads/feature/OPENMEETINGS-2601-configure-certificate-type-for-webrtcendpoint
from Sebastian Wagner
[ https://gitbox.apache.org/repos/asf?p=openmeetings.git;h=31efc23 ]
OPENMEETINGS-2601 Fix failing unit test.
> Ability to configure Kurento::WebRtcEndpoint.CertificateKeyType
> ---------------------------------------------------------------
>
> Key: OPENMEETINGS-2601
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-2601
> Project: Openmeetings
> Issue Type: Improvement
> Components: Cluster
> Affects Versions: 6.0.0
> Reporter: Sebastian Wagner
> Assignee: Sebastian Wagner
> Priority: Major
> Fix For: 6.1.0
>
>
> For some browsers (Firefox), in case multiple KMS servers are used, they
> require each KMS to use the same certificate.
> See:
> [https://doc-kurento.readthedocs.io/en/latest/features/security.html#media-plane-security-dtls]
> This requires configuring the certificate on Kurento, but it also requires
> setting the certificate type during creation of the WebRtcEndpoint:
> {code:java}
> ;; Certificate used for DTLS authentication.
> ;;
> ;; If you want KMS to use a specific certificate for DTLS, then provide it
> here.
> ;; You can provide both RSA or ECDSA files; the choice between them is done
> when
> ;; calling the WebRtcEndpoint constructor.
> ;;
> ;; If this setting isn't specified, a different set of self-signed
> certificates
> ;; is generated automatically for each WebRtcEndpoint instance.
> ;;
> ;; This setting can be helpful, for example, for situations where you have to
> ;; manage multiple media servers and want to make sure that all of them use
> the
> ;; same certificate. Some browsers, such as Firefox, require this in order to
> ;; allow multiple WebRTC connections from the same tab to different KMS.
> ;;
> ;; Absolute path to the concatenated certificate (chain) file(s) + private
> key,
> ;; in PEM format.
> ;;
> ;pemCertificateRSA=/path/to/cert+key.pem
> ;pemCertificateECDSA=/path/to/cert+key.pem
> {code}
> => "the choice between them is done when ;; calling the WebRtcEndpoint
> constructor."
> I tried this out, it is required to set the Certificate during the calling
> the constructor, just configuring it in KMS will not fix it.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
