Skip to main content
lakhotiaanuj
lakhotiaanuj
Inspiring
August 8, 2013
Question

AMS 5.0.3 availability and Refresh of PHDS/PHLS/PRTMP certificates

  • August 8, 2013
  • 1 reply
  • 1633 views

Dear customer,

We are glad to announce the availability of AMS 5.0.3 .

This hotfix release provides a refresh to the certificates used by PHDS, PHLS and PRTMP content protection. The certificates provided with the earlier releases will expire in August 2013. The refresh of the certificates can be done by simply replacing the older certificates with the new certificates.  The list of certificates that have been refreshed are -

§  creds/static/phds_license_server.der

§  creds/static/phds_production_transport.der

§  creds/static/phds_license_server.pfx

§  creds/static/phds_production_packager.pfx

§  creds/static/phds_data

You can see the expiry date by double clicking on a certificate in your Explorer window. Please note that only the refresh of the certificates is required to have the PHDS/PHLS/PRTMP functionality working as your certificates expire. It is not required to do a complete upgrade of your existing server version.

AMS 5.0.3 release also provides enhancements to PRTMP Streaming

§  PRTMP now supports Key rotation, which was earlier available for Protected HTTP streaming.

§  The common-key file and whitelist file can now be updated at runtime, without requiring a server restart.

§  The common-key and whitelist access in the PRTMP on-demand workflow is now routed through the file adaptor, if present, and can be configured to handle requests of content-type “PRTMP”.

§  AMS access log now supports an additional column “x-sprotection-ver” that will be logged with application and stream events with a value of “1″ if the stream is protected (PRTMP enabled)

The f4f packager has also been updated to support the generation of manifest lines with different license server URLS without doing the packaging multiple times. This is helpful when the workflows consists of different Test Servers and Production Servers.

The details of the Bugs fixed in this release are available in the Release Notes

On Premise users can download the update from Adobe.com AMS Updates Page . Amazon Web Services users can subscribe to the new AMIS here. The details of Amazon AMI IDs can be accessed in the AMS Documentation.

The official announcement is available here - https://blogs.adobe.com/ams/

This topic has been closed for replies.

1 reply

lakhotiaanuj
lakhotiaanujAuthor
Inspiring
August 20, 2013

Here is a small FAQ that will answer queries related to PHDS/PHLS/PRTMP certificate refresh

  • When do the old certificates expire?

You can double click the certificate and check the expiry date. They expire on Aug 10 2013

  • What is the folder in which the certificates need to be refreshed?

For AMS 5 and above, the certificates needs to be refreshed in the folder “creds/static” in the AMS install directory.

For versions before AMS 5, the folder would be “phds/static”

  • What is the expiry date for the new certificates?

The new certificates expire on April 5 2015

  • What is the use of these certificates?

These are the certificates that are updated.

License server certificate

It is an Adobe-issued DER-encoded license server certificate. The license server certificate specifies the private key used to sign the license.

Transport certificate

It is an Adobe-issued DER-encoded X.509 transport certificate file. The transport certificate file is used when the client communicates with a server (for example, an authentication server). This feature is not supported in Flash Media Server 4.5.1 but the certificate is still required.

Packager credential

It is an Adobe-issued packager server credential (a certificate and its associated key) PFX file. The server uses this file to apply a signature to the metadata while encrypting content files

  • What are the instructions to refresh the certificates?

You need to only copy the certificates in the required folder and Replace the old ones. The file permissions need to be kept the same as old files.

  • What happens if I do not refresh the certificates?

Your streams will continue to work fine if you are not using PHDS/PHLS/PRTMP features.

However, if you are using the above features you would get an error – “Couldn't to generate DRM Header in adaptorOpen()."

  • Do I need to restart the server?

In most cases you do not need to restart the server.

For VOD Streaming, AMS does the packaging run time or on demand and would use the new certificates. Any HTTP caches need to be flushed.

  • Do we have a new instance on Amazon web services to use the new certificates?

Yes, AMS 5.0.3 AMI is available on AWS. The AMI details are available here

http://helpx.adobe.com/adobe-media-server/kb/flash-media-server-amazon-machine.html

  • Where do I download AMS 5.0.3 from?

AMS 5.0.3 can be downloaded from

http://www.adobe.com/support/flashmediaserver/downloads_updaters.html

  • I downloaded AMS from adobe.com? Do, I need to refresh the certificates?

You can double click the certificates and check their expiry dates. The new certificates expire in April 2015. These certificates are needed only for PHDS/PHLS/PRTMP features.

The download from Adobe.com has been refreshed. Any downloads after Sept 2013 will have the new certificates.

E
EastMan
Known Participant
October 29, 2013

lakhotiaanuj

I would be grateful if you could help me with a problem.

I am trying to use the f4fpackager to package and encrypt files but the command fails because I don't enter the correct credential password when setting --credential-pwd=. According to the packager reference docs, the password string is used to secure the packager credentials which I understand to be phds_production_packager.pfx. Where can I get this password string?

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices