Сертификаты подложены, конфиг прилагаю. Смущает, что для варианта с разрешённым SSL блок
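<property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" /> <property name="address" value="${http.host}:${http.port}" /> <property name="redirectPort" value="${https.port}" /> совпадает с не SSL это так и надо?
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:lang="http://www.springframework.org/schema/lang"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd">

    <!-- War deployer -->
    <bean id="warDeployer" class="org.red5.server.tomcat.WarDeployer">
        <property name="checkInterval" value="${war.deploy.server.check.interval}"/>
        <property name="webappFolder" value="${red5.root}/webapps"/>
        <!-- Expand war files prior to startup of the remaining services -->
        <property name="expandWars" value="true" />
    </bean>

    <!-- The tomcat connectors may be blocking or non-blocking. Select between either option via the protocol property.
         Blocking I/O: <property name="protocol" value="org.apache.coyote.http11.Http11Protocol" />
         Non-blocking I/O: <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
    -->

    <!-- Tomcat without SSL enabled -->
    <!--
    <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader,warDeployer" lazy-init="true">
        <property name="webappFolder" value="${red5.root}/webapps" />
        <property name="connectors">
            <list>
                <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
                    <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
                    <property name="address" value="${http.host}:${http.port}" />
                    <property name="redirectPort" value="${https.port}" />
                    <property name="connectionProperties">
                        <map>
                            <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
                            <entry key="keepAliveTimout" value="-1"/>
                        </map>
                    </property>
                </bean>
            </list>
        </property>
        <property name="baseHost">
            <bean class="org.apache.catalina.core.StandardHost">
                <property name="name" value="${http.host}" />
            </bean>
        </property>
        <property name="valves">
            <list>
                <bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
                    <property name="directory" value="log" />
                    <property name="prefix" value="${http.host}_access." />
                    <property name="suffix" value=".log" />
                    <property name="pattern" value="common" />
                    <property name="rotatable" value="true" />
                </bean>
            </list>
        </property>
    </bean>
    -->

    <!-- Tomcat with SSL enabled -->
    <!-- This variant declares two connectors (cleartext HTTP plus TLS) and,
         unlike the commented-out variant above, no "valves" property, so the
         AccessLogValve shown there is not configured for this server. -->
    <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" lazy-init="true">
        <property name="webappFolder" value="${red5.root}/webapps" />
        <property name="connectors">
            <list>
                <!-- Cleartext HTTP connector. Its protocol, address and
                     redirectPort match the connector in the commented-out
                     non-SSL variant: the TLS connector is added next to this
                     one, it does not replace it. In Tomcat's connector
                     documentation, redirectPort is the port a non-SSL
                     connector redirects to when a request matches a
                     security-constraint that requires SSL transport.
                     Nothing in this file forces clients onto HTTPS; whether
                     any webapp declares such a constraint is not visible
                     here. -->
                <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
                    <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
                    <property name="address" value="${http.host}:${http.port}" />
                    <property name="redirectPort" value="${https.port}" />
                </bean>
                <!-- TLS connector, bound to the same host on ${https.port}. -->
                <bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">
                    <property name="secure" value="true" />
                    <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
                    <property name="address" value="${http.host}:${https.port}" />
                    <!-- NOTE(review): redirectPort here points back at the
                         cleartext port. Tomcat documents redirectPort for
                         non-SSL connectors only, so it is presumably not
                         consulted on this connector; confirm against the
                         TomcatConnector source. -->
                    <property name="redirectPort" value="${http.port}" />
                    <property name="connectionProperties">
                        <map>
                            <entry key="port" value="${https.port}" />
                            <entry key="redirectPort" value="${http.port}" />
                            <entry key="SSLEnabled" value="true" />
                            <!-- "TLS" names the protocol family; it does not
                                 set a minimum version. NOTE(review): if the
                                 embedded Tomcat supports them, restrict
                                 versions and suites with sslEnabledProtocols
                                 and ciphers, or do so at the JVM level. -->
                            <entry key="sslProtocol" value="TLS" />
                            <!-- The keystore must hold the server's private
                                 key with its certificate chain; keytool
                                 lists such an entry as PrivateKeyEntry. A
                                 store that contains only trustedCertEntry
                                 items gives the connector no key to present,
                                 and the TLS handshake fails. -->
                            <entry key="keystoreFile" value="${rtmps.keystorefile}" />
                            <!-- Passwords are resolved from property
                                 placeholders; presumably they sit in plain
                                 text in a properties file, so keep that file
                                 readable only by the service account. -->
                            <entry key="keystorePass" value="${rtmps.keystorepass}" />
                            <entry key="keystoreType" value="JKS" />
                            <entry key="truststoreFile" value="${rtmps.truststorefile}" />
                            <entry key="truststorePass" value="${rtmps.truststorepass}" />
                            <!-- Client certificates are not requested, so
                                 the truststore above is presumably not used
                                 to authenticate clients on this connector. -->
                            <entry key="clientAuth" value="false" />
                            <!-- Changed from "true". Tomcat documents this
                                 switch as permitting renegotiation with
                                 peers that lack the RFC 5746 secure
                                 renegotiation extension, which exposes
                                 sessions to request injection by a
                                 man-in-the-middle; Tomcat's own default is
                                 false. On JVMs that implement RFC 5746 the
                                 setting is documented as having no effect. -->
                            <entry key="allowUnsafeLegacyRenegotiation" value="false" />
                            <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
                            <!-- NOTE(review): key is spelled "keepAliveTimout";
                                 Tomcat's attribute is keepAliveTimeout. If
                                 keys are passed through by name this entry
                                 is likely ignored. With the correct spelling
                                 -1 would mean no idle timeout, so decide on
                                 a bounded value before fixing the key. Left
                                 as posted. -->
                            <entry key="keepAliveTimout" value="-1"/>
                            <entry key="useExecutor" value="true"/>
                            <entry key="maxThreads" value="${http.max_threads}"/>
                            <entry key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
                            <entry key="processorCache" value="${http.processor_cache}"/>
                        </map>
                    </property>
                </bean>
            </list>
        </property>
        <property name="baseHost">
            <bean class="org.apache.catalina.core.StandardHost">
                <property name="name" value="${http.host}" />
            </bean>
        </property>
    </bean>

    <!-- This entry enabled websocket support on port 8081 at localhost -->
    <!-- The listen address is actually taken from ${ws.host}:${ws.port}.
         No TLS settings are given for this transport in this file. -->
    <bean id="webSocketTransport" class="org.red5.net.websocket.WebSocketTransport">
        <property name="addresses">
            <list>
                <value>${ws.host}:${ws.port}</value>
            </list>
        </property>
    </bean>
</beans>
20 ноября 2017 г., 12:44 пользователь Maxim Solodovnik <solomax...@gmail.com > написал: > нужно переёти на https чтобы видео и звук работали в любой версии > при этом flash может быть "не безопасным" > > требование это не нами придумано > это разработчики браузеров постарались > > 2017-11-20 16:35 GMT+07:00 Julia Filippova <ju...@distant.msu.ru>: > > > Максим, добрый день! > > Я правильно понимаю, что все-таки нужно перейти на https, чтобы видео с > > микрофоном работали в браузерах в версии 4.0.х? > > > > 2017-11-20 12:06 GMT+03:00 Maxim Solodovnik <solomax...@gmail.com>: > > > > > Только вчера всё перепроверил > > > > > > чтобы поднять https (порт 5443 по-умолчанию) нужно > > > 1) поправить jee-container.xml как описано в инструкции > > > 2) подложить keystore/truststore > > > 3) перепустить > > > И всё :) > > > > > > On Mon, Nov 20, 2017 at 4:00 PM, Sergei A Byakov <gunslo...@gmail.com> > > > wrote: > > > > > > > по поводу curl с https накосячил, но все равно не открывается > > > > > > > > 2017-11-16 17:38 GMT+03:00 Sergei A Byakov <gunslo...@gmail.com>: > > > > > > > > > Установил сертификат. Поменял пароль в xml конфигах, поменял > > > > > red5-code.xml по документу. Не открывается на 5443 порту. В логах > > > ошибка > > > > > [5081:5123:1116/173552.354220:ERROR:ssl_client_socket_impl.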
> cc(1072)] > > > > > handshake failed; returned -1, SSL error code 1, net_error -113 > > > > > > > > > > > > > > > > > > > > [root@huntinglab opt]# keytool -list -keystore > > red5/conf/keystore.jks > > > -v > > > > > Enter keystore password: > > > > > > > > > > Keystore type: JKS > > > > > Keystore provider: SUN > > > > > > > > > > Your keystore contains 1 entry > > > > > > > > > > Alias name: root > > > > > Creation date: Nov 16, 2017 > > > > > Entry type: trustedCertEntry > > > > > > > > > > Owner: CN=huntinglab.ru, OU=PositiveSSL, OU=Domain Control > Validated > > > > > Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO > CA > > > > > Limited, L=Salford, ST=Greater Manchester, C=GB > > > > > Serial number: 1f075a081fbf4aefed553e89555b22aa > > > > > Valid from: Thu Jul 06 03:00:00 MSK 2017 until: Sat Jul 07 02:59:59 > > MSK > > > > > 2018 > > > > > Certificate fingerprints: > > > > > MD5: xxxxxx > > > > > SHA1: xxxxxx > > > > > SHA256: xxxxxx > > > > > Signature algorithm name: SHA256withRSA > > > > > Version: 3 > > > > > > > > > > Extensions: > > > > > > > > > > #1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false > > > > > AuthorityInfoAccess [ > > > > > [ > > > > > accessMethod: caIssuers > > > > > accessLocation: URIName: http://crt.comodoca.com/ > > > > > COMODORSADomainValidationSecureServerCA.crt > > > > > , > > > > > accessMethod: ocsp > > > > > accessLocation: URIName: http://ocsp.comodoca.com > > > > > ] > > > > > ] > > > > > > > > > > #2: ObjectId: 2.5.29.35 Criticality=false > > > > > AuthorityKeyIdentifier [ > > > > > KeyIdentifier [ > > > > > 0000: xxxxxxx ..j:.Z.....Vs.C. > > > > > 0010: xxxxx :(.. 
> > > > > ] > > > > > ] > > > > > > > > > > #3: ObjectId: 2.5.29.19 Criticality=true > > > > > BasicConstraints:[ > > > > > CA:false > > > > > PathLen: undefined > > > > > ] > > > > > > > > > > #4: ObjectId: 2.5.29.31 Criticality=false > > > > > CRLDistributionPoints [ > > > > > [DistributionPoint: > > > > > [URIName: http://crl.comodoca.com/ > > COMODORSADomainValidationSecur > > > > > eServerCA.crl] > > > > > ]] > > > > > > > > > > #5: ObjectId: 2.5.29.32 Criticality=false > > > > > CertificatePolicies [ > > > > > [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.7] > > > > > [PolicyQualifierInfo: [ > > > > > qualifierID: 1.3.6.1.5.5.7.2.1 > > > > > qualifier: 0000: xxxxxxx ..https://secure > > > > > 0010: xxxxxxx .comodo.com/CPS > > > > > > > > > > ]] ] > > > > > [CertificatePolicyId: [2.23.140.1.2.1] > > > > > [] ] > > > > > ] > > > > > > > > > > #6: ObjectId: 2.5.29.37 Criticality=false > > > > > ExtendedKeyUsages [ > > > > > serverAuth > > > > > clientAuth > > > > > ] > > > > > > > > > > #7: ObjectId: 2.5.29.15 Criticality=true > > > > > KeyUsage [ > > > > > DigitalSignature > > > > > Key_Encipherment > > > > > ] > > > > > > > > > > #8: ObjectId: 2.5.29.17 Criticality=false > > > > > SubjectAlternativeName [ > > > > > DNSName: huntinglab.ru > > > > > DNSName: www.huntinglab.ru > > > > > ] > > > > > > > > > > #9: ObjectId: 2.5.29.14 Criticality=false > > > > > SubjectKeyIdentifier [ > > > > > KeyIdentifier [ > > > > > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > > > > > ] > > > > > ] > > > > > > > > > > > > > > > > > > > > ******************************************* > > > > > ******************************************* > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > С Уважением, Сергей. 
> > > > > > > > моб: 960 515 39 45 > > > > skype: sbyakov > > > > https://www.facebook.com/s.byakov > > > > > > > > > > > > > > > > -- > > > WBR > > > Maxim aka solomax > > > > > > > > > > > -- > > ---С уважением, > > специалист технической поддержки ЦРЭОР МГУ, Юлия. > > > > > > -- > WBR > Maxim aka solomax > -- С Уважением, Сергей. моб: 960 515 39 45 skype: sbyakov https://www.facebook.com/s.byakov