msgbartop
Various ramblings-on, mostly about Red5
msgbarbottom

12 Nov 09 Native RTMPS in Red5

Red5 now supports “native” RTMPS in addition to RTMPT over SSL. To use this feature you will need to use the current trunk version until 0.9 RC3 or Final are released. A big shout-out goes to Kevin Green for providing the original patch. Using this communication channel, your data will be secured throughout the process from connection to shutdown using TLS/SSL and should provide the secure features you need until RTMPE is ready.

Red5NativeRTMPS

Red5NativeRTMPS


To use this mode in your NetConnection, you must set the proxy type to best like so:

nc = new NetConnection();
nc.client = this;
nc.proxyType = "best";

For this example I used a free opensource ssl cert provided by godaddy.

Step by step process:

1. Create your key

keytool -keysize 2048 -genkey -alias red5 -keyalg RSA -keystore keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  ssl.red5.org
What is the name of your organizational unit?
  [Unknown]:  Dev
What is the name of your organization?
  [Unknown]:  Red5
What is the name of your City or Locality?
  [Unknown]:  Henderson
What is the name of your State or Province?
  [Unknown]:  Nevada
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=ssl.red5.org, OU=Dev, O=Red5, L=Henderson, ST=Nevada, C=US correct?
  [no]:  yes

Enter key password for <red5>
        (RETURN if same as keystore password):

2. Create a CSR

keytool -certreq -keyalg RSA -alias red5 -file red5.csr -keystore keystore
Enter keystore password:

3. Submit your CSR to your SSL certificate provider. Godaddy process is described below.

4. After your receive your certificate, import the root cert into your keystore file

keytool -import -alias root -keystore keystore -trustcacerts -file valicert_class2_root.crt
Enter keystore password:
Certificate already exists in system-wide CA keystore under alias <valicertclass2ca>
Do you still want to add it to your own keystore? [no]:  yes
Certificate was added to keystore

5. Import the cross certificates

keytool -import -alias cross -keystore keystore -trustcacerts -file gd_cross_intermediate.crt
Enter keystore password:
Certificate was added to keystore

6. Import the intermediate certificates

keytool -import -alias intermed -keystore keystore -trustcacerts -file gd_intermediate.crt
Enter keystore password:
Certificate was added to keystore

7. Import your certificate

keytool -import -alias red5 -keystore keystore -trustcacerts -file ssl.red5.org.crt
Enter keystore password:
Certificate reply was installed in keystore

8. Setup RTMPS in your red5/conf/red5-core.xml. You may notice that some of the rtmp variables are used here, that is only for ease of setup; you could set them to whatever you prefer.

    <bean id="rtmpsMinaIoHandler"
        class="org.red5.server.net.rtmps.RTMPSMinaIoHandler">
        <property name="handler" ref="rtmpHandler" />
        <property name="codecFactory" ref="rtmpCodecFactory" />
        <property name="rtmpConnManager" ref="rtmpMinaConnManager" />
	<property name="keyStorePassword" value="${rtmps.keystorepass}" />
        <property name="keystoreFile" value="conf/keystore" />
    </bean>
    
    <bean id="rtmpsTransport" class="org.red5.server.net.rtmp.RTMPMinaTransport" init-method="start" destroy-method="stop">
        <property name="ioHandler" ref="rtmpsMinaIoHandler" />
        <property name="connectors">
            <list>
                <bean class="java.net.InetSocketAddress">
                    <constructor-arg index="0" type="java.lang.String" value="${rtmps.host}" />  
                    <constructor-arg index="1" type="int" value="${rtmps.port}" />  
                </bean>
            </list>
        </property>
        <property name="receiveBufferSize" value="${rtmp.receive_buffer_size}" />
        <property name="sendBufferSize" value="${rtmp.send_buffer_size}" />
        <property name="eventThreadsCore" value="${rtmp.event_threads_core}" />
        <property name="eventThreadsMax" value="${rtmp.event_threads_max}" />
        <property name="eventThreadsQueue" value="${rtmp.event_threads_queue}" />
        <property name="eventThreadsKeepalive" value="${rtmp.event_threads_keepalive}" />
        <property name="jmxPollInterval" value="1000" />
        <property name="tcpNoDelay" value="${rtmp.tcp_nodelay}" />
    </bean>

Additional security info can be found here
The testing player source can be found here

Tags: , ,



Reader's Comments

  1. |

    What about the setting in the red5.properties file?

    # RTMPS Keystore Password
    rtmps.keystorepass=password

    Is this needed?

  2. |

    Paul said he used a free opensource ssl cert provided by godaddy. However this option is not genuinely free as there are a number of conditions that godaddy specify to make an applicant for one of their certificate eligible.
    Now openssl is a truly free opensource application for creating self-signed ssl certificates that enable a user to experiment, set up demos etc.
    There are a number of guides out there for creating a certificate using openssl but what I would like to know is whether using openssl is interchangeable with the approach laid out by Paul here.
    For instance what are these cross and intermediate certificates that are mentioned?

  3. |

    Problem building testing player

    E:\Flex3.3\samples\player4>ant
    Buildfile: build.xml

    clean:
    [delete] Deleting directory E:\Flex3.3\samples\player4\${build.dir}

    init:
    [mkdir] Created dir: E:\Flex3.3\samples\player4\${build.dir}
    [mkdir] Created dir: E:\Flex3.3\samples\player4\${build.dir}\release
    [mkdir] Created dir: E:\Flex3.3\samples\player4\${build.dir}\debug

    compile.release:
    Unable to access jarfile E:\Flex3.3\samples\player4\${FLEX_HOME}\lib
    \mxmlc.jar

    BUILD FAILED
    E:\Flex3.3\samples\player4\build.xml:138: The following error occurred while exe
    cuting this line:
    E:\Flex3.3\samples\player4\build.xml:214: Java returned: 1

    Total time: 0 seconds

  4. |

    I belong to a company that uses the RED5.

    Currently, we are adding RTMPS communications, but we have difficulties in making it work with a certificate from Verisign in. Pfx format.

    Would you be so kind to give information on how to configure the protocol RTMPS from a. PFX in version 1.0.1 of RED5?

    Thank you very much



Leave a Comment


Fatal error: Call to undefined function akismet_counter() in C:\xampp\htdocs\paulgregoireblog\wp-content\themes\googlechrome\footer.php on line 9