Closed
Bug 1124373
Opened 9 years ago
Closed 9 years ago
SSL Cert for Wowza Streaming Engine
Categories
(Infrastructure & Operations :: SSL Certificates, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: richard, Assigned: gozer)
Details
(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/325] )
Attachments
(1 file: 269.31 KB, image/png)
We need to enable SSL on wowza1.corpdmz.scl3.mozilla.com.
According to the Wowza documentation, StreamLock certs are the preferred method. Described here: http://www.wowza.com/forums/content.php?454-How-to-get-SSL-certificates-from-the-StreamLock-service#prerequisites
This, however, will require NAT so we have an accessible IP address for this machine. This process also results in a cert for this machine in streamlock.net rather than mozilla.com.
There are also notes on using self-signed certs at: http://www.wowza.com/forums/content.php?435-How-to-create-a-self-signed-SSL-certificate
That process requires installation of a JDK rather than using native RedHat utilities to generate the cert.
Please advise the best way to proceed.
Reporter
Comment 1•9 years ago
Correction: This machine already has NAT (wowza1.scl3.mozilla.com - 63.245.214.154). So now I just need advice on whether the Streamlock cert is as bad an idea as it seems. ...and if so, how we create a more mozilla-standard cert for this box.
Assignee
Updated•9 years ago
Assignee: server-ops-webops → gozer
Assignee
Comment 2•9 years ago
Here you go, done, deployed, installed and all. (With a self-signed certificate)
https://wowza1.corpdmz.scl3.mozilla.com/
You'll get an SSL warning when doing that, as the cert uses the public name wowza1.scl3.mozilla.com, but the NAT isn't allowing HTTPS through yet.
Assignee
Updated•9 years ago
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Reporter
Comment 3•9 years ago
Gozer: Thanks! Looks like I need to file a bug to get the ports opened on the NAT.
Comment 4•9 years ago
There's something fishy about this cert. When I load it in Firefox I get one of those "I understand the risks" dialogs. I stupidly allowed the exemption on this and don't know how to reset that in Firefox. However the warning is clear when using Chrome.
Updated•9 years ago
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee
Comment 5•9 years ago
(In reply to Peter Bengtsson [:peterbe] from comment #4)
> Created attachment 8559481 [details]
> Screenshot 2015-02-04 15.50.34.png
>
> There's something fishy about this cert. When I load it in Firefox I get one
> of those "I understand the risks" dialogs.
It's not fishy, it's just a standard warning about a self-signed certificate, not issued by a trusted CA. I figured since this is an internal service, it would be good enough.
If there is a need for a real CA signed certificate later on, this can be accommodated as well. Just needs to be requested.
My understanding of this bug was just that *an* SSL cert was needed to unblock things.
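Comments 2 and 5 describe two separate causes of a browser warning for this cert: it is self-signed, and it carries the public name wowza1.scl3.mozilla.com while the URL uses the corpdmz name. The script below is an added example, not part of the bug or of any commenter's work; it assumes the `openssl` CLI (1.1.1 or later), generates throwaway certs rather than touching the deployed one, and uses hypothetical function names to report each cause separately and to show that listing both names as SANs clears only the name mismatch.

```shell
#!/bin/sh
# Added example: throwaway certs only; function names are hypothetical.
PUBLIC_NAME="wowza1.scl3.mozilla.com"            # name in the cert (comment 2)
INTERNAL_NAME="wowza1.corpdmz.scl3.mozilla.com"  # name used in the URL

# make_selfsigned DIR CN [SAN-LIST]: write DIR/key.pem and DIR/cert.pem.
# SAN-LIST is optional, e.g. "DNS:a.example,DNS:b.example".
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" ${3:+-addext} ${3:+"subjectAltName=$3"} \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# chain_trusted CERT: true only if the system trust store accepts the cert.
chain_trusted() {
    openssl verify "$1" 2>&1 | grep -q ': OK$'
}

# name_matches CERT HOST: true if HOST matches a SAN (or the CN when the
# cert has no SAN), which is the same check a TLS client performs.
name_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# diagnose CERT HOST: print "ok" or a comma-separated list of problems.
diagnose() {
    issues=""
    chain_trusted "$1" || issues="untrusted-issuer"
    name_matches "$1" "$2" || issues="${issues:+$issues,}name-mismatch"
    echo "${issues:-ok}"
}

tmp=$(mktemp -d)

# Cert as described in comment 2: public name only.
make_selfsigned "$tmp" "$PUBLIC_NAME"
echo "CN only,   public URL:   $(diagnose "$tmp/cert.pem" "$PUBLIC_NAME")"
echo "CN only,   internal URL: $(diagnose "$tmp/cert.pem" "$INTERNAL_NAME")"

# Same cert with both names as SANs: the mismatch goes away, the trust
# problem does not.
make_selfsigned "$tmp" "$PUBLIC_NAME" "DNS:$PUBLIC_NAME,DNS:$INTERNAL_NAME"
echo "both SANs, internal URL: $(diagnose "$tmp/cert.pem" "$INTERNAL_NAME")"

rm -rf "$tmp"
```

`untrusted-issuer` remains in every case: only a CA-signed cert, as offered in comment 5, or an explicit trust exception on each client removes it.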
Comment 6•9 years ago
Ah! Sorry, I jumped in quickly to try to help Richard. Basically Richard, if we're going to use this URL for production we're going to need to get a proper signed cert. If it's self-signed one has to manually open one of its URLs (e.g. https://wowza1.corpdmz.scl3.mozilla.com/) and add an exception to your browser. So, the question is, do we want to use this for realz?
Reporter
Comment 7•9 years ago
This instance is mostly for testing. In the later stages of testing we'll be using it to stream an alternate version of the Monday Meeting to stage. I think we're OK with a self signed cert for now. Is Roku choking on it? Can Roku do SSL at all?
Flags: needinfo?(peterbe)
Comment 8•9 years ago
(In reply to Richard A Milewski[:richard] from comment #7)
> This instance is mostly for testing. In the later stages of testing we'll
> be using it to stream an alternate version of the Monday Meeting to stage.
> I think we're OK with a self signed cert for now.
>
> Is Roku choking on it? Can Roku do SSL at all?
A) I can't get it to play anything on HTTPS
B) I bet the answer is to do a bunch of Roku Developer forum research and reading pages of documentation.
We do set the cert [0] as per their instructions but that doesn't seem to work. I think all that does is the ability to be able to open httpS://air.mozilla.org/roku/categories.xml but it doesn't seem to help us be able to play httpS://d3fenhwk93s16g.cloudfront.net/xxxxxxxx/mp4.mp4 :(
[0] https://gist.github.com/peterbe/9a92f0a631b875d460c6
Flags: needinfo?(peterbe)
Assignee
Comment 9•9 years ago
Since the SSL certificate work itself was done successfully, could this bug be cleared out of our queue? And the continuing conversation moved to a more appropriate bug? Thanks!
Reporter
Comment 10•9 years ago
Done!
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → FIXED