Open GregBlaha opened 2 years ago
Hi @GregBlaha
The “unable to get local issuer certificate” error is an indication that the root certificates on the system are not working correctly. Is there any port forwarding or load balancer/reverse proxy for port 443? Also, can you verify that you are using the same certificates for WWW and RTMPS? By the way, if you share your domain name, I can check it for you.
Regards.
Short description
RTMPS is enabled in my Ant Media Server install. I have SSL enabled using a custom certificate purchased through a third-party CA. It is working properly for HTTPS for the web interface.
When I go to stream using RTMPS over port 8443, I receive an error message on my streaming client stating "The RTMP server sent an invalid SSL certificate".
Environment
Steps to reproduce
Expected behavior
The server should serve out the cert with the full chain allowing the streaming client to trust the cert and connect.
Actual behavior
The command openssl s_client -connect:8443 returns "verify error:num=20:unable to get local issuer certificate" after sending the server certificate (depth 0). None of the rest of the chain is sent.
The same command pointing at the HTTPS web interface, "openssl s_client -connect:443", returns the full four-part certificate chain and the certificate is trusted.
Are they pulling from different keystores? I have tried rebuilding the keystore in every imaginable way, but cannot get it to serve out the full certificate chain (with intermediates and roots) over RTMPS.
Logs
Here is the log of the openssl connection to port 8443 and 443 for comparison:
https://pastebin.com/KwieW2Ed
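The comparison described in this report (leaf only on 8443, full chain on 443) can be checked mechanically from the "Certificate chain" section that openssl s_client prints. The following is an added example, not part of the original issue or of Ant Media Server; the sample outputs are constructed, the host and CA names are placeholders, and parse_chain and diagnose are hypothetical helper names.

```python
import re

# Constructed s_client excerpts (not the issue's pastebin); all names are placeholders.
RTMPS_8443 = """\
depth=0 CN = stream.example.test
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:CN = stream.example.test
   i:C = XX, O = Example CA, CN = Example Issuing CA 2
---
"""
HTTPS_443 = """\
---
Certificate chain
 0 s:CN = stream.example.test
   i:C = XX, O = Example CA, CN = Example Issuing CA 2
 1 s:C = XX, O = Example CA, CN = Example Issuing CA 2
   i:C = XX, O = Example CA, CN = Example Issuing CA 1
 2 s:C = XX, O = Example CA, CN = Example Issuing CA 1
   i:C = XX, O = Example CA, CN = Example Root
 3 s:C = XX, O = Example CA, CN = Example Root
   i:C = XX, O = Example CA, CN = Example Root
---
"""

def parse_chain(output):
    """Return [(subject, issuer), ...] for each certificate the server sent."""
    section = re.search(r"^Certificate chain\n(.*?)^---$", output, re.S | re.M)
    if not section:
        return []
    pairs = re.findall(r"^\s*\d+ s:(.*)\n\s+i:(.*)$", section.group(1), re.M)
    return [(s.strip(), i.strip()) for s, i in pairs]

def diagnose(output):
    """Classify the sent chain: no-chain, broken-link, leaf-only or chained."""
    chain = parse_chain(output)
    if not chain:
        return "no-chain"
    # Each certificate's issuer must be the subject of the next one sent.
    if any(iss != nxt for (_, iss), (nxt, _) in zip(chain, chain[1:])):
        return "broken-link"
    # A single certificate that is not self-issued means no intermediates were sent.
    if len(chain) == 1 and chain[0][0] != chain[0][1]:
        return "leaf-only"
    return "chained"
```

A "leaf-only" result on one port and "chained" on the other, for the same certificate, points at the two listeners being configured with different chain material rather than at the client's trust store.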