сертификат подложены. конфиг прилагаю.
Смущает, что в секции с включённым SSL фрагмент

 <!-- Plain HTTP connector settings as quoted from the attached config: the NIO protocol
      handler, the bind address, and redirectPort, the port Tomcat redirects to when a
      request on this connector requires SSL transport. -->
 <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
 <property name="address" value="${http.host}:${http.port}" />
 <property name="redirectPort" value="${https.port}" />

совпадает с секцией без SSL — это так и надо?



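<?xml version="1.0" encoding="UTF-8"?>
<!--
    Red5 embedded Tomcat container configuration (Spring beans).
    Review notes:
      * The stray ';' that followed each namespace attribute value was removed; with it the
        document is not well-formed XML.
      * Tags that were hard-wrapped across lines are rejoined; no property was added or removed.
      * allowUnsafeLegacyRenegotiation on the HTTPS connector is now false (see the note there).
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:lang="http://www.springframework.org/schema/lang"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/lang
                           http://www.springframework.org/schema/lang/spring-lang.xsd">

    <!--
        War deployer: expands WAR files under webappFolder before the remaining services start.
        NOTE(review): anything able to write into ${red5.root}/webapps can presumably get its
        code deployed by this bean; keep that directory writable only by the Red5 service
        account and administrators.
    -->
    <bean id="warDeployer" class="org.red5.server.tomcat.WarDeployer">
        <!-- Value is resolved from war.deploy.server.check.interval; its unit is not shown here. -->
        <property name="checkInterval" value="${war.deploy.server.check.interval}"/>
        <property name="webappFolder" value="${red5.root}/webapps"/>
        <!-- Expand war files prior to startup of the remaining services -->
        <property name="expandWars" value="true" />
    </bean>

    <!--
    The tomcat connectors may be blocking or non-blocking. Select between either option via the protocol property.
        Blocking I/O:
            <property name="protocol" value="org.apache.coyote.http11.Http11Protocol" />
        Non-blocking I/O:
            <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
     -->

    <!-- Tomcat without SSL enabled (kept commented out; only one tomcat.server bean may be active) -->
<!--
    <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader,warDeployer" lazy-init="true">

        <property name="webappFolder" value="${red5.root}/webapps" />

        <property name="connectors">
            <list>
                <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
                    <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
                    <property name="address" value="${http.host}:${http.port}" />
                    <property name="redirectPort" value="${https.port}" />
                    <property name="connectionProperties">
                        <map>
                            <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
                            <entry key="keepAliveTimout" value="-1"/>
                        </map>
                    </property>
                </bean>
            </list>
        </property>

        <property name="baseHost">
           <bean class="org.apache.catalina.core.StandardHost">
               <property name="name" value="${http.host}" />
           </bean>
        </property>

        <property name="valves">
            <list>
                <bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
                    <property name="directory" value="log" />
                    <property name="prefix" value="${http.host}_access." />
                    <property name="suffix" value=".log" />
                    <property name="pattern" value="common" />
                    <property name="rotatable" value="true" />
                </bean>
            </list>
        </property>

    </bean>
-->

    <!--
        Tomcat with SSL enabled: one plain HTTP connector plus one HTTPS connector.
        NOTE(review): unlike the commented-out variant above, this bean declares no
        AccessLogValve, so HTTP(S) requests are presumably not written to an access log;
        confirm that request logging exists elsewhere if it is needed for incident response.
    -->

    <bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader" depends-on="context.loader" lazy-init="true">

        <property name="webappFolder" value="${red5.root}/webapps" />

        <property name="connectors">
            <list>
                <!--
                    Plain HTTP connector. It uses the same protocol, address and redirectPort as
                    the connector in the non-SSL variant; the HTTPS listener is added as a second
                    connector below rather than replacing this one.
                    redirectPort is the port Tomcat redirects to when a request arriving here
                    requires SSL transport.
                    NOTE(review): this port keeps serving plain HTTP. Redirection only happens for
                    requests covered by a security-constraint with transport-guarantee CONFIDENTIAL
                    in the web application's web.xml; otherwise restrict the port at the firewall
                    if plain HTTP must not be reachable.
                -->
                <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
                    <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
                    <property name="address" value="${http.host}:${http.port}" />
                    <property name="redirectPort" value="${https.port}" />
                </bean>

                <!-- HTTPS connector: same host, listening on https.port. -->
                <bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">
                    <property name="secure" value="true" />
                    <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
                    <property name="address" value="${http.host}:${https.port}" />
                    <!-- NOTE(review): redirectPort on an already secure connector points back at
                         the plain HTTP port; Tomcat documents redirectPort for non-SSL connectors,
                         so this looks inert here. Confirm before relying on it. -->
                    <property name="redirectPort" value="${http.port}" />
                    <property name="connectionProperties">
                        <map>
                            <entry key="port" value="${https.port}" />
                            <entry key="redirectPort" value="${http.port}" />
                            <entry key="SSLEnabled" value="true" />
                            <!-- sslProtocol selects the JSSE context family, not a minimum version.
                                 NOTE(review): the protocol versions and cipher suites actually
                                 enabled depend on JVM and Tomcat defaults; consider restricting
                                 them explicitly (Tomcat's sslEnabledProtocols and ciphers
                                 attributes) after checking the Tomcat version bundled with Red5. -->
                            <entry key="sslProtocol" value="TLS" />
                            <!-- The keystore must hold the server's private key together with its
                                 certificate chain; keytool lists such an entry as
                                 "Entry type: PrivateKeyEntry". A keystore that contains only
                                 trustedCertEntry items gives the connector no key to present, and
                                 the TLS handshake fails. -->
                            <entry key="keystoreFile" value="${rtmps.keystorefile}" />
                            <!-- Passwords are resolved from property placeholders; keep the file
                                 that defines them readable only by the Red5 service account. -->
                            <entry key="keystorePass" value="${rtmps.keystorepass}" />
                            <entry key="keystoreType" value="JKS" />
                            <entry key="truststoreFile" value="${rtmps.truststorefile}" />
                            <entry key="truststorePass" value="${rtmps.truststorepass}" />
                            <!-- Clients are not asked for a certificate. -->
                            <entry key="clientAuth" value="false" />
                            <!-- Was "true". Unsafe legacy TLS renegotiation lets a man-in-the-middle
                                 inject data at the start of a client's session, so it is switched
                                 off, which is also Tomcat's default. Re-enable only for a client
                                 that cannot be upgraded, and document why. -->
                            <entry key="allowUnsafeLegacyRenegotiation" value="false" />
                            <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
                            <!-- NOTE(review): the key is spelled "keepAliveTimout"; Tomcat's
                                 attribute is keepAliveTimeout, so this entry is presumably ignored.
                                 It is left unchanged on purpose: correcting the spelling would
                                 activate -1 (no timeout), which lets idle connections stay open
                                 indefinitely. Decide on a finite value before fixing the key. -->
                            <entry key="keepAliveTimout" value="-1"/>
                            <entry key="useExecutor" value="true"/>
                            <entry key="maxThreads" value="${http.max_threads}"/>
                            <entry key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
                            <entry key="processorCache" value="${http.processor_cache}"/>
                        </map>
                    </property>
                </bean>
            </list>
        </property>

        <property name="baseHost">
            <bean class="org.apache.catalina.core.StandardHost">
                <property name="name" value="${http.host}" />
            </bean>
        </property>

    </bean>

    <!--
        WebSocket transport bound to ${ws.host}:${ws.port}. The original note describes this as
        port 8081 at localhost; the effective values come from the ws.host and ws.port properties.
        NOTE(review): no TLS settings are visible on this transport. Once pages are served over
        HTTPS, browsers block plain ws:// connections as mixed content; confirm whether a secure
        WebSocket listener is configured elsewhere.
    -->
    <bean id="webSocketTransport" class="org.red5.net.websocket.WebSocketTransport">
        <property name="addresses">
            <list>
                <value>${ws.host}:${ws.port}</value>
            </list>
        </property>
    </bean>

</beans>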


20 ноября 2017 г., 12:44 пользователь Maxim Solodovnik <solomax...@gmail.com
> написал:

> нужно перейти на https, чтобы видео и звук работали в любой версии
> при этом flash может быть "не безопасным"
>
> требование это не нами придумано
> это разработчики браузеров постарались
>
> 2017-11-20 16:35 GMT+07:00 Julia Filippova <ju...@distant.msu.ru>:
>
> > Максим, добрый день!
> > Я правильно понимаю, что все-таки нужно перейти на https, чтобы видео с
> > микрофоном работали в браузерах в версии 4.0.х?
> >
> > 2017-11-20 12:06 GMT+03:00 Maxim Solodovnik <solomax...@gmail.com>:
> >
> > > Только вчера всё перепроверил
> > >
> > > чтобы поднять https (порт 5443 по-умолчанию) нужно
> > > 1) поправить jee-container.xml как описано в инструкции
> > > 2) подложить keystore/truststore
> > > 3) перезапустить
> > > И всё :)
> > >
> > > On Mon, Nov 20, 2017 at 4:00 PM, Sergei A Byakov <gunslo...@gmail.com>
> > > wrote:
> > >
> > > > по поводу curl с https накосячил, но все равно не открывается
> > > >
> > > > 2017-11-16 17:38 GMT+03:00 Sergei A Byakov <gunslo...@gmail.com>:
> > > >
> > > > > Установил сертификат.  Поменял пароль в xml конфигах, поменял
> > > > > red5-code.xml по документу. Не открывается на 5443 порту. В логах
> > > ошибка
> > > > > [5081:5123:1116/173552.354220:ERROR:ssl_client_socket_impl.
> cc(1072)]
> > > > > handshake failed; returned -1, SSL error code 1, net_error -113
> > > > >
> > > > >
> > > > >
> > > > > [root@huntinglab opt]# keytool -list -keystore
> > red5/conf/keystore.jks
> > > -v
> > > > > Enter keystore password:
> > > > >
> > > > > Keystore type: JKS
> > > > > Keystore provider: SUN
> > > > >
> > > > > Your keystore contains 1 entry
> > > > >
> > > > > Alias name: root
> > > > > Creation date: Nov 16, 2017
> > > > > Entry type: trustedCertEntry
> > > > >
> > > > > Owner: CN=huntinglab.ru, OU=PositiveSSL, OU=Domain Control
> Validated
> > > > > Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO
> CA
> > > > > Limited, L=Salford, ST=Greater Manchester, C=GB
> > > > > Serial number: 1f075a081fbf4aefed553e89555b22aa
> > > > > Valid from: Thu Jul 06 03:00:00 MSK 2017 until: Sat Jul 07 02:59:59
> > MSK
> > > > > 2018
> > > > > Certificate fingerprints:
> > > > >          MD5:  xxxxxx
> > > > >          SHA1: xxxxxx
> > > > >          SHA256: xxxxxx
> > > > >          Signature algorithm name: SHA256withRSA
> > > > >          Version: 3
> > > > >
> > > > > Extensions:
> > > > >
> > > > > #1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> > > > > AuthorityInfoAccess [
> > > > >   [
> > > > >    accessMethod: caIssuers
> > > > >    accessLocation: URIName: http://crt.comodoca.com/
> > > > > COMODORSADomainValidationSecureServerCA.crt
> > > > > ,
> > > > >    accessMethod: ocsp
> > > > >    accessLocation: URIName: http://ocsp.comodoca.com
> > > > > ]
> > > > > ]
> > > > >
> > > > > #2: ObjectId: 2.5.29.35 Criticality=false
> > > > > AuthorityKeyIdentifier [
> > > > > KeyIdentifier [
> > > > > 0000: xxxxxxx  ..j:.Z.....Vs.C.
> > > > > 0010: xxxxx                                        :(..
> > > > > ]
> > > > > ]
> > > > >
> > > > > #3: ObjectId: 2.5.29.19 Criticality=true
> > > > > BasicConstraints:[
> > > > >   CA:false
> > > > >   PathLen: undefined
> > > > > ]
> > > > >
> > > > > #4: ObjectId: 2.5.29.31 Criticality=false
> > > > > CRLDistributionPoints [
> > > > >   [DistributionPoint:
> > > > >      [URIName: http://crl.comodoca.com/
> > COMODORSADomainValidationSecur
> > > > > eServerCA.crl]
> > > > > ]]
> > > > >
> > > > > #5: ObjectId: 2.5.29.32 Criticality=false
> > > > > CertificatePolicies [
> > > > >   [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.7]
> > > > > [PolicyQualifierInfo: [
> > > > >   qualifierID: 1.3.6.1.5.5.7.2.1
> > > > >   qualifier: 0000: xxxxxxx  ..https://secure
> > > > > 0010: xxxxxxx     .comodo.com/CPS
> > > > >
> > > > > ]]  ]
> > > > >   [CertificatePolicyId: [2.23.140.1.2.1]
> > > > > []  ]
> > > > > ]
> > > > >
> > > > > #6: ObjectId: 2.5.29.37 Criticality=false
> > > > > ExtendedKeyUsages [
> > > > >   serverAuth
> > > > >   clientAuth
> > > > > ]
> > > > >
> > > > > #7: ObjectId: 2.5.29.15 Criticality=true
> > > > > KeyUsage [
> > > > >   DigitalSignature
> > > > >   Key_Encipherment
> > > > > ]
> > > > >
> > > > > #8: ObjectId: 2.5.29.17 Criticality=false
> > > > > SubjectAlternativeName [
> > > > >   DNSName: huntinglab.ru
> > > > >   DNSName: www.huntinglab.ru
> > > > > ]
> > > > >
> > > > > #9: ObjectId: 2.5.29.14 Criticality=false
> > > > > SubjectKeyIdentifier [
> > > > > KeyIdentifier [
> > > > > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > > > > ]
> > > > > ]
> > > > >
> > > > >
> > > > >
> > > > > *******************************************
> > > > > *******************************************
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > >
> > > >
> > > > С Уважением, Сергей.
> > > >
> > > > моб: 960 515 39 45
> > > > skype: sbyakov
> > > > https://www.facebook.com/s.byakov
> > > >
> > >
> > >
> > >
> > > --
> > > WBR
> > > Maxim aka solomax
> > >
> >
> >
> >
> > --
> > ---С уважением,
> > специалист технической поддержки ЦРЭОР МГУ, Юлия.
> >
>
>
>
> --
> WBR
> Maxim aka solomax
>



-- 


С Уважением, Сергей.

моб: 960 515 39 45
skype: sbyakov
https://www.facebook.com/s.byakov
