Various ramblings-on, mostly about Red5

12 Nov 09 Native RTMPS in Red5

Red5 now supports “native” RTMPS in addition to RTMPT over SSL. To use this feature you will need the current trunk version until 0.9 RC3 or Final is released. A big shout-out goes to Kevin Green for providing the original patch. With this communication channel, your data is secured with TLS/SSL for the whole session, from connection to shutdown, which should provide the security features you need until RTMPE is ready.



To use this mode in your NetConnection, you must set the proxy type to "best", like so:

nc = new NetConnection();
nc.client = this;
nc.proxyType = "best";

For this example I used a free open source SSL cert provided by GoDaddy.

Step by step process:

1. Create your key

keytool -keysize 2048 -genkey -alias red5 -keyalg RSA -keystore keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  ssl.red5.org
What is the name of your organizational unit?
  [Unknown]:  Dev
What is the name of your organization?
  [Unknown]:  Red5
What is the name of your City or Locality?
  [Unknown]:  Henderson
What is the name of your State or Province?
  [Unknown]:  Nevada
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=ssl.red5.org, OU=Dev, O=Red5, L=Henderson, ST=Nevada, C=US correct?
  [no]:  yes

Enter key password for <red5>
        (RETURN if same as keystore password):

2. Create a CSR

keytool -certreq -keyalg RSA -alias red5 -file red5.csr -keystore keystore
Enter keystore password:

3. Submit your CSR to your SSL certificate provider. The GoDaddy process is described below.

4. After you receive your certificate, import the root cert into your keystore file

keytool -import -alias root -keystore keystore -trustcacerts -file valicert_class2_root.crt
Enter keystore password:
Certificate already exists in system-wide CA keystore under alias <valicertclass2ca>
Do you still want to add it to your own keystore? [no]:  yes
Certificate was added to keystore

5. Import the cross certificates

keytool -import -alias cross -keystore keystore -trustcacerts -file gd_cross_intermediate.crt
Enter keystore password:
Certificate was added to keystore

6. Import the intermediate certificates

keytool -import -alias intermed -keystore keystore -trustcacerts -file gd_intermediate.crt
Enter keystore password:
Certificate was added to keystore

7. Import your certificate

keytool -import -alias red5 -keystore keystore -trustcacerts -file ssl.red5.org.crt
Enter keystore password:
Certificate reply was installed in keystore

8. Set up RTMPS in your red5/conf/red5-core.xml. You may notice that some of the rtmp variables are reused here; that is only for ease of setup, and you could set them to whatever you prefer.

    <bean id="rtmpsMinaIoHandler"
        class="org.red5.server.net.rtmps.RTMPSMinaIoHandler">
        <property name="handler" ref="rtmpHandler" />
        <property name="codecFactory" ref="rtmpCodecFactory" />
        <property name="rtmpConnManager" ref="rtmpMinaConnManager" />
        <property name="keyStorePassword" value="${rtmps.keystorepass}" />
        <property name="keystoreFile" value="conf/keystore" />
    </bean>

    <bean id="rtmpsTransport" class="org.red5.server.net.rtmp.RTMPMinaTransport" init-method="start" destroy-method="stop">
        <property name="ioHandler" ref="rtmpsMinaIoHandler" />
        <property name="connectors">
            <list>
                <bean class="java.net.InetSocketAddress">
                    <constructor-arg index="0" type="java.lang.String" value="${rtmps.host}" />
                    <constructor-arg index="1" type="int" value="${rtmps.port}" />
                </bean>
            </list>
        </property>
        <property name="receiveBufferSize" value="${rtmp.receive_buffer_size}" />
        <property name="sendBufferSize" value="${rtmp.send_buffer_size}" />
        <property name="eventThreadsCore" value="${rtmp.event_threads_core}" />
        <property name="eventThreadsMax" value="${rtmp.event_threads_max}" />
        <property name="eventThreadsQueue" value="${rtmp.event_threads_queue}" />
        <property name="eventThreadsKeepalive" value="${rtmp.event_threads_keepalive}" />
        <property name="jmxPollInterval" value="1000" />
        <property name="tcpNoDelay" value="${rtmp.tcp_nodelay}" />
    </bean>
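
Before starting Red5 with this configuration, it is worth confirming that the keystore from steps 1-7 really holds the private key under the red5 alias together with the full CA chain. The check below is an added example, not part of the original post or the Red5 code base; the class name KeystoreCheck and the KEYSTORE_PASS environment variable are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;

// Added example (not Red5 code): sanity-check the keystore built in steps 1-7.
// Usage (after javac): KEYSTORE_PASS=... java KeystoreCheck conf/keystore [alias]
// KEYSTORE_PASS is a hypothetical variable name; it keeps the password out of argv.
public class KeystoreCheck {
    static void fail(String msg) {
        System.err.println("FAIL: " + msg);
        System.exit(1);
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KEYSTORE_PASS");
        if (args.length < 1 || pass == null) fail("usage: KeystoreCheck <keystore> [alias]");
        String alias = args.length > 1 ? args[1] : "red5"; // alias from step 1
        KeyStore ks = KeyStore.getInstance("JKS"); // keytool's format when the post was written
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass.toCharArray()); // also verifies the store's integrity check
        }
        // The server certificate must sit on the private key entry, not a trusted-cert entry.
        if (!ks.isKeyEntry(alias)) fail("alias '" + alias + "' is not a private key entry");
        Certificate[] chain = ks.getCertificateChain(alias);
        // Step 7 replaces the self-signed certificate from step 1 with the CA reply and its
        // issuers; a single-certificate chain typically means that import did not happen.
        if (chain == null || chain.length < 2) fail("no CA chain on '" + alias + "'");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = (X509Certificate) chain[i];
            c.checkValidity(); // throws if expired or not yet valid
            // Each certificate must be signed by the next one up the chain.
            if (i + 1 < chain.length) c.verify(chain[i + 1].getPublicKey());
            System.out.println(i + ": " + c.getSubjectX500Principal().getName()
                    + " (expires " + c.getNotAfter() + ")");
        }
        // Assumes an RSA key, as generated with -keyalg RSA in step 1.
        int bits = ((RSAPublicKey) chain[0].getPublicKey()).getModulus().bitLength();
        if (bits < 2048) fail("RSA key is only " + bits + " bits");
        System.out.println("OK: " + chain.length + " certificates, RSA " + bits + " bits");
    }
}
```

A failure here points back to the import order in steps 4-7: the root, cross and intermediate certificates have to be in the keystore before the certificate reply is imported under the red5 alias.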

Additional security info can be found here
The testing player source can be found here
