Open LydiaTM opened 2 years ago
@LydiaTM Hi. Thank you for using OvenSpace.
You need to set up the chain cert in OME. Although it is not possible to confirm the structure of the certificate you have set, please set the ROOT CA and Intermediate CA separately as the chain cert. If you have any problems, detailed support is available in the OvenMediaEngine repository.
```xml
<Managers>
    <Host>
        <Names>
            <Name>*</Name>
        </Names>
        <TLS>
            <CertPath>path/to/my_cert_file.crt</CertPath>
            <KeyPath>path/to/my_cert_file.crt</KeyPath>
            <!-- <ChainCertPath>airensoft_com_chain.crt</ChainCertPath> -->
        </TLS>
    </Host>
    <API>
        <AccessToken>my_access_token</AccessToken>
    </API>
</Managers>
<Domain>
    <Names>
        <Name>*</Name>
    </Names>
    <TLS>
        <CertPath>path/to/my_cert_file.crt</CertPath>
        <KeyPath>path/to/my_key_file.key</KeyPath>
        <!-- <ChainCertPath>path/to/file.crt</ChainCertPath> -->
    </TLS>
</Domain>
```
Thanks for your help!
I am new to the certificates issue and I don't know how to generate the intermediate certificate. Could you help me, please?
Thanks in advance.
@LydiaTM Hi. It will depend on the type of certificate issued, but this may be your case.
The certificate you set in nginx may have the following structure. (ssl_certificate /your/path/to/my_cert_file.crt;)
```
-----BEGIN CERTIFICATE-----
Your Domain CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ROOT CA
-----END CERTIFICATE-----
```
This is the chain cert. You can set this cert to <ChainCertPath>path/to/file.crt</ChainCertPath>.
And you can make a new file, something like my-cert.crt, and paste the first section of the chain cert.
```
-----BEGIN CERTIFICATE-----
Your Domain CA
-----END CERTIFICATE-----
```
And set this cert file to <CertPath>path/to/my_cert_file.crt</CertPath>.
I hope this helps. As mentioned earlier, there are various methods depending on the type of certificate issued. I can only help up to the point above.
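The manual split described in the reply above can be scripted. This is an added example, not code from the thread or from OvenMediaEngine: it writes the first certificate of a full-chain file to the file used for CertPath and the remaining certificates to the file used for ChainCertPath. It assumes the chain file should hold only the intermediate and root certificates, as the first reply suggests; the function names and the sample bundle are constructed for illustration.

```python
import re
from pathlib import Path

# Matches one PEM block of any type (CERTIFICATE, PRIVATE KEY, ...).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def split_bundle(pem_text):
    """Return (leaf_pem, chain_pem) from a full-chain PEM bundle.

    leaf_pem is the first CERTIFICATE block (the domain certificate);
    chain_pem holds every later CERTIFICATE block in the original order,
    or "" when the bundle has a single certificate (e.g. self-signed).
    """
    certs = []
    for match in PEM_BLOCK.finditer(pem_text):
        if match.group(1) != "CERTIFICATE":
            # A key pasted into the bundle must not end up in a cert file.
            raise ValueError(f"unexpected PEM block: {match.group(1)}")
        certs.append(match.group(0).replace("\r\n", "\n") + "\n")
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    return certs[0], "".join(certs[1:])


def write_split(bundle_path, cert_out, chain_out):
    """Write the leaf and chain files; return True if a chain file was written."""
    leaf, chain = split_bundle(Path(bundle_path).read_text())
    Path(cert_out).write_text(leaf)
    if chain:
        Path(chain_out).write_text(chain)
    return bool(chain)


# Constructed sample: placeholder bodies, not real certificates.
SAMPLE_BUNDLE = "\n".join(
    f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"
    for body in ("RE9NQUlO", "SU5URVJNRURJQVRF", "Uk9PVA==")
) + "\n"

if __name__ == "__main__":
    leaf, chain = split_bundle(SAMPLE_BUNDLE)
    print("leaf certs: 1, chain certs:", chain.count("BEGIN CERTIFICATE"))
```

A return value of False from `write_split` means the input held a single certificate, so there is nothing to put in the chain file.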
Hi!
I am trying to run ovenspace with TLS certificates and Nginx but the OvenmediaEngine server returns the following error:
```
[2022-03-09 17:20:30.157] E [SPAPIServer-T80:1916] OpenSSL | tls.cpp:193 | An error occurred while accept SSL connection: [OpenSSL] error:0A000418:SSL routines::tlsv1 alert unknown ca (167773208)
[2022-03-09 17:20:30.158] E [SPAPIServer-T80:1916] OpenSSL | tls_server_data.cpp:108 | An error occurred while accept TLS connection: error code: 1
```
I detail below the steps followed and the configuration set up.
NGINX CONFIGURATION
First I set up the recommended NGINX configuration and restart NGINX.
I generated the self-signed certificates with openssl for the machine, where server_name is the name of the machine.
OVENMEDIAENGINE CONFIGURATION
After that I make OvenMediaEngine's REST API Server, WebRTC Provider, and WebRTC Publisher work with TLS and restart OvenMediaEngine.
OVENSPACE CONFIGURATION
Finally, I set up the OvenSpace configuration and run the .py file.
BROWSER CONSOLE
When I access the address 'https://machine_name' from the browser, it returns the following error in the browser console:
```
/getStreams:1 Failed to load resource: the server responded with a status of 500 (INTERNAL SERVER ERROR)
ovenspace.js:486 Could not get streams from OME.
```
OVENSPACE LOGS
The OvenSpace logs are as follows:
OVENMEDIAENGINE LOGS
Furthermore, in the OvenMediaEngine logs, I get the error mentioned at the beginning of this message:
```
[2022-03-09 17:20:30.157] E [SPAPIServer-T80:1916] OpenSSL | tls.cpp:193 | An error occurred while accept SSL connection: [OpenSSL] error:0A000418:SSL routines::tlsv1 alert unknown ca (167773208)
[2022-03-09 17:20:30.158] E [SPAPIServer-T80:1916] OpenSSL | tls_server_data.cpp:108 | An error occurred while accept TLS connection: error code: 1
```