your server JVM has its own keystore/truststore you need to add your certificate into it
On Wed, Feb 25, 2015 at 12:45 AM, OpenAr-IT Soluciones <[email protected]> wrote: > Hi Maxim, what do you mean by "you need to add your certificate to the > trusted certificates of your server JVM"?. I have the same issue as Lionel. > > Lionel, what did you do exactly? > > > Thanks in advance. > > > > On Wed, Feb 4, 2015 at 1:45 PM, Maxim Solodovnik <[email protected]> > wrote: > >> you need to add your certificate to the trusted certificates of your >> server JVM >> >> On Wed, Feb 4, 2015 at 10:40 PM, Lionel Djeukam <[email protected]> >> wrote: >> >>> Ok, that's what i observed: >>> First of all, my certificate was added as expected in the trusted list >>> on the server side, therefore the following lines: >>> >>> >>> >>> >>> >>> *"adding as trusted cert: Subject: CN=139.6.237.96, >>> OU=Informationssicherheit, O=FH-Koeln, L=Koeln, ST=NRW, C=DE Issuer: >>> CN=139.6.237.96, OU=Informationssicherheit, O=FH-Koeln, L=Koeln, ST=NRW, >>> C=DE Algorithm: RSA; Serial number: 0x21787fbf Valid from Wed Feb 04 >>> 15:06:08 CET 2015 until Sat Jan 30 15:06:08 CET 201*6 >>> ... >>> ... " >>> >>> Second, during the TLS-Handshake, it seems like there is a problem with >>> my certificate on the client side >>> which followed to a fatal error: >>> >>> >>> >>> >>> *"NioProcessor-21, READ: TLSv1 Alert, length = 2NioProcessor-21, RECV >>> TLSv1 ALERT: fatal, bad_certificateNioProcessor-21, fatal: engine already >>> closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: >>> bad_certificateNioProcessor-21, fatal: engine already closed. Rethrowing >>> javax.net.ssl.SSLException: Received fatal alert: bad_certificate"* >>> >>> Should i do anythings else than just add an exception for my certificate >>> on the client side? >>> >>> >>> 2015-02-04 17:18 GMT+01:00 Maxim Solodovnik <[email protected]>: >>> >>>> not sure what is wrong :(( >>>> >>>> you need to call >>>> sudo /etc/init.d/red5 stop >>>> >>>> then open ./red5-debug.sh add -Djavax.net.debug=all to the JAVA_OPTS >>>> then start ./red5-debug.sh from the console >>>> >>>> On Wed, Feb 4, 2015 at 10:09 PM, Lionel Djeukam <[email protected] >>>> > wrote: >>>> >>>>> That's realy strange because i did exactly what is content there: >>>>> http://openmeetings.apache.org/RTMPSAndHTTPS.html >>>>> >>>>> The only thing i did not make is to close the port 1935. Is it >>>>> mandotory? Should i just comment his line in the file red5.properties? >>>>> >>>>> A part from that i made what you adviced in the last mail. I started >>>>> the server as follow: >>>>> sudo /etc/init.d/red5 start -Djavax.net.debug=all >>>>> >>>>> and by executing "./red5-debug.sh" it does act as a normal command, >>>>> since i could not observe what append when trying to enter to the room >>>>> >>>>> >>>>> >>>>> 2015-02-04 16:44 GMT+01:00 Maxim Solodovnik <[email protected]>: >>>>> >>>>>> It seems like you set up HTTPS but not RTMPS :( >>>>>> can you start red5 manually with this additional option: >>>>>> *-Djavax.net.debug=all* >>>>>> >>>>>> *then run ./red5-debug.sh and check the console while entering the >>>>>> room* >>>>>> >>>>>> On Wed, Feb 4, 2015 at 9:39 PM, Lionel Djeukam < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hello, >>>>>>> i think i enjoyed to early :( >>>>>>> After configuring the server for HTTPs and RTMPs, i could finaly >>>>>>> connect to the https-page of my server. Then when a lauch a conference, >>>>>>> i >>>>>>> became the three mistakes in the subject field of this mail. >>>>>>> >>>>>>> I already had exeption to my Browser to recognise the certificate as >>>>>>> trusted-part. >>>>>>> >>>>>>> What could i do now? >>>>>>> >>>>>>> -- >>>>>>> Master Student Communication systems and Network >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> WBR >>>>>> Maxim aka solomax >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> DJOMATCHO Djeukam, Lionel >>>>> *Master-Student Kommunikationssysteme und Netze* >>>>> Tel-Nummer: (+49) 176 996 248 93 >>>>> Deutzer Ring 5 >>>>> 50679 Köln >>>>> >>>> >>>> >>>> >>>> -- >>>> WBR >>>> Maxim aka solomax >>>> >>> >>> >>> >>> -- >>> DJOMATCHO Djeukam, Lionel >>> *Master-Student Kommunikationssysteme und Netze* >>> Tel-Nummer: (+49) 176 996 248 93 >>> Deutzer Ring 5 >>> 50679 Köln >>> >> >> >> >> -- >> WBR >> Maxim aka solomax >> > > -- WBR Maxim aka solomax
