Closed SelimEmre closed 2 years ago
Could you please give some more info about this issue?
The current solution doesn't work with a private certificate key with password protection. Does it make sense for you?
Yes it makes sense.
Hey guys,
To establish SSL connectivity between AntMedia and our product, we used to use a private key (generated by us) with a passphrase to create the required certificates to establish a secure connection. When we used to use this private key with the AntMedia enable_ssl.sh script in AMS 2.1, the script used to ‘succeed’ and tell us to use https to access the AntMedia web portal. In AMS 2.3, the enable_ssl.sh script succeeds in the same way, but we cannot access the web portal anymore.
Digging into the logs, we found the following error message:
INFO: The certificate [conf/fullchain.pem] or its private key [conf/privkey.pem] could not be processed using a JSSE key manager and will be given directly to OpenSSL
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Enter password :
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Enter password :
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Enter password :
This message indicated to us that the passphrase that we were passing to the enable_ssl script does not get sent to OpenSSL correctly. Following this, we created a key with a blank passphrase, and that fixed the issue. This means that when we are commissioning our solution at a customer site, we would have to ask them to ensure that the private key that they provide us with has no pass phrase. We are currently investigating on our end if this is an acceptable solution too.
Hi @kylecauston ,
Thank you for making this clear for us.
I understand your problem.
As a quick workaround solution, I can recommend changing the pass phrase in the /usr/local/antmedia/conf/red5.properties file.
/usr/local/antmedia/conf/red5.properties
rtmps.keystorepass=WRITE_YOUR_PASSWORD
rtmps.truststorepass=WRITE_YOUR_PASSWORD
sudo service antmedia restart
Check if it's working for you and please let me know.
Please also take a look at this solution -> https://github.com/ant-media/Ant-Media-Server/issues/4076#issuecomment-1141735170
Add password field for protected private certificate use-case
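A pre-flight check for the failure reported in this thread (the server stopping at OpenSSL's `Enter password :` prompt), as an added example that is not part of the original thread or of Ant Media's scripts: it classifies a PEM key by its header before the key is deployed. The function names and the `KEY_PASS` variable are assumptions, and the sample files are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example. Prints how a PEM private key file is protected:
# encrypted-pkcs8, encrypted-legacy, unencrypted or no-key.
key_protection() {
    if grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted-pkcs8      # PKCS#8 EncryptedPrivateKeyInfo
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted-legacy     # traditional format with a DEK-Info header
    elif grep -Eq -- '-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo no-key
    fi
}

# Returns 0 only if the key can be loaded without an interactive prompt.
# KEY_PASS (hypothetical name) must be exported; passing it with env: keeps
# the passphrase out of the process argument list.
preflight() {
    case "$(key_protection "$1")" in
        unencrypted) return 0 ;;
        encrypted-*)
            [ -n "${KEY_PASS:-}" ] || { echo "$1: encrypted, KEY_PASS not set" >&2; return 1; }
            command -v openssl >/dev/null 2>&1 || return 1
            openssl pkey -in "$1" -passin env:KEY_PASS -noout 2>/dev/null ;;
        *) echo "$1: no private key found" >&2; return 1 ;;
    esac
}

# Constructed samples: real PEM header lines, placeholder bodies.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$demo_dir/pkcs8.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,PLACEHOLDER' '' 'PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/legacy.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END PRIVATE KEY-----' > "$demo_dir/plain.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
    '-----END CERTIFICATE-----' > "$demo_dir/cert.pem"

for f in pkcs8 legacy plain cert; do
    printf '%s.pem: %s\n' "$f" "$(key_protection "$demo_dir/$f.pem")"
done
```

Running `preflight` on the key file before restarting the service turns a silent hang at the passphrase prompt into an explicit non-zero exit.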