Skip to main content
L
LucasA_llt
Participant
January 5, 2011
Question

FMS netconnection to HTTPS

  • January 5, 2011
  • 1 reply
  • 1766 views

Hello friends,

I am currently stumped on how to make an FMS netconnection call to an AMF gateway using HTTPS.

It is my understanding that Flash in the browser will utilize whatever HTTPS cert the browser has available for the HTTPS path you are trying to connect.

Is there some sort of config or cert trick I need to apply for FMS to make HTTPS connections? I was considering it might be one of the following, but could not find any information on the subject:

-HTTPS cert saved to FMS directory?

-FMS config value for specific HTTPS paths?

-Allow the FMS host/ip to bypass HTTPS on server side?

Any thoughts on this would be very helpful!

Thank you

-Lucas

    This topic has been closed for replies.

    1 reply

    S
    Adobe Employee
    Shiraz Anwar
    Adobe Employee
    January 6, 2011

    Hi Lucas,

    I am not very clear about your problem, but here are my thoughts based on my assumption that you want to establish a secure connection with FMS.

    In that case, you need to make rtmps connection with FMS and steps for same are as follows:

    1. Create your certificate key file and cert file

    2. Go to conf/_defaultRoot_/adaptor.xml and go to following section:

                <SSLCertificateFile></SSLCertificateFile>

                <!-- Specifies location of private key file for the certificate. If   -->
                <!-- an absolute path is not specified, the key file is assumed to be -->
                <!-- relative to the adaptor directory. If the key file is encrypted, -->
                <!-- the pass phrase must be specified in the SSLPassPhrase tag.      -->
                <!-- The type attribute specifies the type of encoding used for the   -->
                <!-- certificate key file. This can be either "PEM" or "ASN1". By     -->
                <!-- default, this is "PEM".                                          -->
                <SSLCertificateKeyFile type="PEM"></SSLCertificateKeyFile>

                <!-- Specifies the passphrase to use for decrypting the private key   -->
                <!-- file. If the private key file is not encrypted, leave this tag   -->
                <!-- empty.                                                           -->
                <SSLPassPhrase></SSLPassPhrase>

    put appropriate values to these tags such as sslcertificatefile, sslcertificatekeyfile, sslpassphrase and restart the server.

    3. From the client connect using rtmps://serverip/app/streamname and play your content.

    4. For the first time, if certificate is not installed in browser (or if trust chain is missing) it will prompt you for trusting and installing the certificate in your browser and then you would be able to play your content.

    5. Also, make sure that in your comf/fms.ini file, [ADAPTOR.HOSTPORT = :1935,80,-443] is set. rtmps uses 443 port.

    Please revert back to me in case of further query.

    L
    LucasA_lltAuthor
    Participant
    January 6, 2011

    Hi Zarihs,

    Thanks for the reply. Your explanation of a secure connection from flash client to FMS server will be very handy in the future. Thank you for that.

    However, I was originally looking for a way that FMS can make a connection to another server, via HTTPS with an ssl cert.

    FMS connect ---> HTTPS://amf/gateway/ ----> .net AMF server

    Above is a very crude example of the connection flow I am talking about, when I connect to the gateway via SSAS over HTTPS , the net connection status always returns: NetConnection.Connect.Rejected .

    I feel like the answer is right in front of me..

    Thanks,

    Lucas

    After doing a bit more digging I believe I have found what I need in the Server.xml config:

    <Root>
        <Server>
            <SSL>
                <SSLEngine></SSLEngine>
                <SSLRandomSeed></SSLRandomSeed>
                <SSLClientCtx>
                    <SSLVerifyCertificate>true</SSLVerifyCertificate>
                    <SSLCACertificatePath></SSLCACertificatePath>
                    <SSLCACertificateFile></SSLCACertificateFile>
                    <SSLVerifyDepth>9</SSLVerifyDepth>    
                    <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
                </SSLClientCtx>
            </SSL>
        </Server>
    </Root>
    A
    Anonymous
    July 7, 2012

    Were you able to figure out what the issue was? I am running into the same problem.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices