Skip to main content
Participant
June 22, 2020
Question

Adobe Connect 10.8 ACTS SSL - Issue

  • June 22, 2020
  • 4 replies
  • 7445 views

I have installed Adobe connect Server 10.8 and Adobe Connect Transmuxing Service on separate Windows 2019 Servers. Without enabling SSL, I can connect to meeting via HTML5 & Adobe Connect Client without any issues.

I enabled SSL as per the the SSL guides http://blogs.adobe.com/connectsupport/files/2016/04/Connect-SSL-Guide.pdf & https://blogs.adobe.com/connectsupport/adobe-connect-10-1-switch-the-default-acts-service-protocol-from-ws-to-wss/.

After that I am unable to connect meeting via HTML5 & Adobe Connect Client, I am getting error "Preparing Room" in HTML5 and "connecting " error in Adobe Connect Client.

I think, it may be SSL certificate issue, can anyone help me to create .pem & .key certificates using Stunnel.

Thanks in advance.

 

    This topic has been closed for replies.

    4 replies

    Jorma_at_Knox
    Legend
    July 9, 2020

    It wouldn't hurt to contact the Connect Support team to see if they have any input.

    Jorma_at_Knox
    Legend
    June 25, 2020

    If you have the developer console open (F12 in most browsers) are you seeing any errors when trying to open the HTML version of the room and the application hangs at Preparing Room?

    cjiwonderAuthor
    Participant
    June 27, 2020

    Sorry for the late reply.

     

    I am getting the follwoing error in the developer console :

    Chrome :

    WebSocket connection to 'wss://application.testlab.com/' failed: WebSocket is closed before the connection is established.
    Client: An error occured, see console log for more details.

    Firefox :
    Client: The connection to wss://application.testlab.com/ was closed. [1006]
    A connection to wss://application.testlab.com/ has been closed by the client.
    Firefox can’t establish a connection to the server at wss://application.testlab.com/.

     

    I am getting the following error in stunnel log :

    Service [https-vip] accepted connection from 192.168.100.100:65383

    s_connect: connected 127.0.0.1:8443

    Service [https-vip] connected remote server from 127.0.0.1:65513

    transfer: s_poll_wait: TIMEOUTclose exceeded: closing

    Connection closed: 263 byte(s) sent to TLS, 590 byte(s) sent to socket

     

     

    Participant
    July 3, 2020

    Hi

    I have exactly the same problem and installed Adobe for a couple of times. Also I have tried installing Transmuxing service over and over and also have tried the following links.

    Bad news is I still have the sam 302 error and won't load the meeting room in HTML5.

    Can anyone help?

    https://helpx.adobe.com/adobe-connect/kb/configure-ports-1935-443-80.html#:~:text=By%20default%2C%20Adobe%20Connect%20listens,firewall%20(Participants%20or%20Presenters).https://blogs.adobe.com/connectsupport/registering-acts-servers-in-connect-10-x/

    https://blogs.adobe.com/connectsupport/adobe-connect-10-1-switch-the-default-acts-service-protocol-from-ws-to-wss/

    Jorma_at_Knox
    Legend
    June 24, 2020

    Maybe it's just a text formatting issue when you pasted here, but the two things I see to adjust are:

    custom.ini text

     

    Current: 

    ADMIN_PROTOCOL=https:// SSL_ONLY=yes

    RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/

    ACTS_PROTOCOL=wss:443

    Change to:

    ADMIN_PROTOCOL=https://

    SSL_ONLY=yes

    RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/

    ACTS_PROTOCOL=wss:443

    stunnel.conf text

     

    Current:

    [acts]

    ; accept = ACTS IP:443 accept = 192.168.10.102:443

    ; When stunnel is on the same box, simply leave the below IP address as 127.0.0.1 connect = 127.0.0.1:9002

    ; Certificate information for Connect Meetings.

    Change to:

    [acts]

    ; accept = ACTS IP:443

    accept = 192.168.10.102:443

    ; When stunnel is on the same box, simply leave the below IP address as 127.0.0.1 connect = 127.0.0.1:9002

     

    The stunnel.conf looks to be your culpriate as the connection string looks commented out for WSS over 443. The custom.ini could be an issue, but is more likely just a formatting/useability issue.

    ; Certificate information for Connect Meetings.

    cjiwonderAuthor
    Participant
    June 25, 2020

    Thanks for your prompt response.

    It's a copy / paste issue here. In my conf, it is fine as you mentioned. Anything else needs to be changed in my config because issue still persists.

     

    Jorma_at_Knox
    Legend
    June 23, 2020

    You should be able to create the PEM and KEY files with the same process you used for the Application (HTTPS) and Media (RTMPS) servers. It would just be for a new FQDN that is specific to the ACTS server(s).

    cjiwonderAuthor
    Participant
    June 24, 2020

    Thanks for your prompt reply.

    Please see my installations and configurations for your reference. Pls let me know where I am wrong.

    1. Server name: actssrv
    2. Selected products: Adobe Connect Server and Adobe Connect Transmuxing Service
    3. Account Name: application
    4. Adobe Connect Host: application.testlab.com
    5. ACTS Host Name: actssrv
    6. ACTS web socket protocol: wss
    7. ACTS Host Name: actssrv
    8. ACTS External Host Name: application.testlab.com
    1. First, I installed Adobe Connect and ACTS on a Windows 2019 server with 3 NICs and assigned 3 IP to each NIC. For example: 192.168.10.100, 192.168.100.101, 192.168.100.102
    2. I created A record in the DNS server: application.testlab.com  192.168.100.100 meeting.testlab.com  192.168.100.101 acts.testlab.com  192.18.100.102
    3. Installed stunnel in c:\connect\stunnel directory and created certs folder in this path.
    4. Then generated 3 certificates using stunnel with these commands:
      • openssl req -new -newkey rsa:2048 -days 365 -nodes -keyout applicationkey.pem -out applicationcert.pem
      • openssl req -new -newkey rsa:2048 -days 365 -nodes -keyout meetingkey.pem -out meetingcert.pem
      • openssl req -new -newkey rsa:2048 -days 365 -nodes -keyout actskey.pem -out actscert.pem
    5. Copied 3 set of keys to c:\connect\stunnel\certs.
    6. stunnel.conf:

    ; Protocol version (all, SSLv2, SSLv3, TLSv1)

     

    ; we want TLS1, TLS1.1 and TLS1.2 active, so set =all and then say "not SSLv2, SSLv3" sslVersion = all

    options = NO_SSLv2 options = NO_SSLv3

    options = DONT_INSERT_EMPTY_FRAGMENTS options = CIPHER_SERVER_PREFERENCE

    renegotiation=no fips = no

    ;Some performance tunings:

    socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 TIMEOUTclose=0

    ; application server SSL / HTTPS [https-vip]

    accept = 192.168.10.100:443

    connect = 127.0.0.1:8443

    cert = C:\Connect\stunnel\certs\ applicationcert.pem

    key = C:\Connect\stunnel\certs\ applicationkey.pem

    ;configure ciphers as per your requirement and client support.

    ;this should work for most:

    ciphers = TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES

    ; meeting SSL / RTMPS [rtmps-vip]

    accept = 192.168.10.101:443

    connect = 127.0.0.1:1935

    cert = C:\Connect\stunnel\certs\ meetingcert.pem

    key = C:\Connect\stunnel\certs\ meetingkey.pem

    ;configure ciphers as per your requirement and client support.

    ;this should work for most:

    ciphers = TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES

    ;ACTS (WSS):

    ; Protocol version (all, SSLv2, SSLv3, TLSv1) sslVersion = all

    options = NO_SSLv2

    options = NO_SSLv3

    ; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 TIMEOUTclose=0

    options = DONT_INSERT_EMPTY_FRAGMENTS

    [acts]

    ; accept = ACTS IP:443 accept = 192.168.10.102:443

    ; When stunnel is on the same box, simply leave the below IP address as 127.0.0.1 connect = 127.0.0.1:9002

    ; Certificate information for Connect Meetings.

    ; This assumes you put the cert and key in the root folder of stunnel

    ;cert = CertificateNameHere.pem

    ;key = CerificateKeyNameHere.pem

    cert = C:\Connect\stunnel\certs\ actscert.pem

    key = C:\Connect\stunnel\certs\ actskey.pem

    ; ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH ciphers = ALL:!AECDH:!ADH:!LOW:!EXP:!MD5:@STRENGTH

     

    Added these lines in custom.ini:

    ADMIN_PROTOCOL=https:// SSL_ONLY=yes

    RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/

    ACTS_PROTOCOL=wss:443

     

    Uncommented these lines in server.xml file:

    <Connector port="8443" protocol="HTTP/1.1" executor="httpsThreadPool" enableLookups="false"

    acceptCount="250"

    connectionTimeout="20000" SSLEnabled="false"

    scheme="https" secure="true" proxyPort="443" URIEncoding="utf-8"/>

     

    <Executor name="httpsThreadPool" namePrefix="https-8443-" maxThreads="350" minSpareThreads="25"/>

     

    In Adobe Connect server "Sever setting" I entered meeting.testlab.com in hostmaping (external).