After a lot of struggling I finally got rtmps and https channels working with self signed certificates (using openssl as a personal certificate authority)
see this post http://www.adobe.com/cfusion/webforums/forum/messageview.cfm?catid=583&threadid=1242192 Doug, Thank you for your help. The cacerts tip was key. Cheers, -Vito --- In [email protected], "vitopn" <[EMAIL PROTECTED]> wrote: > > Tried that, still getting > "NetConnection.Connect.CertificateUntrustedSigner". > > I also tried putting the cert in firefox but that didn't work either. > Where exactly is Flex looking for the cert chain? > > Has anyone used a self signed cert for SecureRTMP? If so, a quick > step by step post would really really be appreciated. > > Thank you, > -Vito > > --- In [email protected], "Doug Lowder" <douglowder@> wrote: > > > > See if you have a keystore named "cacerts" under your Java > > installation folder, and if so add the key to that keystore as well. > > > > --- In [email protected], "vitopn" <vitopn@> wrote: > > > > > > Hi Doug, > > > > > > I'm fairly certain that the self-signed cert is in the keystore. > > > (Doesn't "keytool -genkey .." store the newly generated cert in the > > > keystore?) I am doing a list and the flex2cert is in there. > > > > > > C:\Documents and Settings\vitopn>keytool -list -keystore > > > C:\Tomcat\webapps\Presidio\WEB-INF\flex\.keystore > > > Enter keystore password: changeit > > > > > > Keystore type: jks > > > Keystore provider: SUN > > > > > > Your keystore contains 2 entries > > > > > > tomcat, Feb 8, 2007, keyEntry, > > > Certificate fingerprint (MD5): > > > FB:13:46:DE:C5:F9:BA:F7:D0:57:95:58:D5:AA:80:4F > > > flex2cert, Feb 8, 2007, keyEntry, > > > Certificate fingerprint (MD5): > > > B5:8D:4C:DD:01:9B:09:01:3E:88:B9:90:4D:8F:70:6C > > > > > > Any other thoughts? > > > > > > Thank you, > > > -Vito > > > > > > --- In [email protected], "Doug Lowder" <douglowder@> wrote: > > > > > > > > > > > > Looks like you didn't add the self-signed certificate to the > > keystore. > > > > Check out the "keytool -import" command. > > > > > > > > > > > > > > http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comman\ > > > > ds > > > > > > > > > > <http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#Comma\ > > > > nds> > > > > > > > > > > <http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html#Comma\ > > > > nds> > > > > > > > > > > > > --- In [email protected], "vitopn" <vitopn@> wrote: > > > > > > > > > > What steps do I need to take to get a self signed certificate to > > work > > > > > with SecureRTMPChannel? > > > > > > > > > > I generate the keystore file with something like this: > > > > > keytool -genkey -alias flex2cert -dname "CN=localhost, > OU=Presidio, > > > > > O=Presidio, L=San Francisco, S=California, C=CA" -validity 3650 > > > > > > > > > > and configure the channel like this: > > > > > <channel-definition id="secureRTMP" > > > > > class="mx.messaging.channels.SecureRTMPChannel"> > > > > > <endpoint uri="rtmps://localhost:2099" > > > > > class="flex.messaging.endpoints.SecureRTMPEndpoint" /> > > > > > <properties> > > > > > <idle-timeout-minutes>20</idle-timeout-minutes> > > > > > > > > > > > > > > > <keystore-file>C:/Tomcat/webapps/Presidio/WEB-INF/flex/.keystore</keysto\ > > > > re-file> > > > > > <keystore-password>changeit</keystore-password> > > > > > </properties> > > > > > </channel-definition> > > > > > > > > > > > > > > > The server starts and I see this in the console: > > > > > [Flex][INFO] Endpoint secureRTMP created with security: None > > > > > at URI: rtmps://localhost:2099 > > > > > [Flex][WARN] The current license does not support clustering; > > > > > clustering for all destinations is disabled. > > > > > [Flex][INFO] RTMPS-Server listening on port:2099 > > > > > [Flex][DEBUG] Created worker thread: RTMPS-Worker-0 > > > > > [Flex][DEBUG] Created worker thread: RTMPS-Worker-1 > > > > > [Flex][DEBUG] Created worker thread: RTMPS-Worker-2 > > > > > [Flex][DEBUG] Created worker thread: RTMPS-Worker-3 > > > > > > > > > > > > > > > When I try to connect I get this: > > > > > > > > > > 'secureRTMP' channel got status. (Object)#0 > > > > > code = "NetConnection.Connect.CertificateUntrustedSigner" > > > > > level = "status" > > > > > > > > > > > > > > > Thank you, > > > > > -Vito > > > > > > > > > > > > > > >
