The following steps show the procedure to enable SSL for Wowza Manager with Let's Encrypt https://certbot.eff.org/
1. Prerequisite: follow the steps in the following link to get the SSL certificates ready. We assume you want to run SSL for nginx; even if you do not run nginx, it is OK to follow the steps to get the SSL certificates created and ready for use.
Certbot – Ubuntubionic Nginx
2. After step 1 is done, you should have certificate files located in /etc/letsencrypt/live. Run the following command to verify that.
ls -l /etc/letsencrypt/live
3. Download wowza-letsencrypt-converter-0.2.jar from https://github.com/robymus/wowza-le...load/v0.2/wowza-letsencrypt-converter-0.2.jar with the following commands:
cd /usr/local/WowzaStreamingEngine/lib
wget https://github.com/robymus/wowza-le...load/v0.2/wowza-letsencrypt-converter-0.2.jar
4. Ensure your Linux OS can run Java; if not, install the Java 8 JRE. Wowza 4.7.8 uses Java 9 from its own directory, so there will be no Java version conflict if you install the Java 8 JRE in your Linux OS.
For Ubuntu, use the following command to install the Java 8 JRE.
apt install openjdk-8-jre-headless
5. Run the following commands to convert the SSL certificates to Java keystore format.
cd /usr/local/WowzaStreamingEngine/lib
java -jar wowza-letsencrypt-converter-0.2.jar -v /usr/local/WowzaStreamingEngine/conf/ /etc/letsencrypt/live/
6. After step 5, you should have your-domain-name.jks and jksmap.txt in /usr/local/WowzaStreamingEngine/conf, where your-domain-name.jks stores the certificates in keystore format and jksmap.txt stores the certificate maps with the password of "secret".
7. All the above steps are just to have the SSL certificates generated and converted to Java keystore format with a password of "secret".
8. Change directory to /usr/local/WowzaStreamingEngine/manager/conf and edit the tomcat.properties file to enable SSL for the manager.
The following shows the sample contents of the tomcat.properties file:
#httpsPort=8090
httpsPort=8090
#httpsKeyStore=conf/certificate.jks
httpsKeyStore=/usr/local/WowzaStreamingEngine/conf/iaarc.com.jks
#httpsKeyStorePassword=[password]
httpsKeyStorePassword=secret
#httpsKeyAlias=[key-alias]
9. Restart Wowza manager with the following command to have the SSL configuration for Manager take effect.
systemctl restart WowzaStreamingEngineManager.service
10. You can now log in to the Wowza server manager with SSL enabled at https://your-domain-name:8090/enginemanager/login.htm
11. Please note that even with SSL enabled, the default HTTP port 8088 is still enabled. To secure your server, I would recommend you use a local firewall to block access to port 8088 from the internet.
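The following is an added example, not part of the original steps and not code from Wowza or the converter project: a shell check that audits the tomcat.properties file from step 8, flagging HTTPS settings left commented out, the known password "secret" from step 6, and world-readable permissions on the keystore or on the properties file that holds its password. The function names and the demo sample are assumptions made for illustration, and httpsKeyStore is assumed to be an absolute path as in the sample above.

```sh
#!/bin/sh
# Added example: audit the Manager's tomcat.properties after step 8.
# Assumes httpsKeyStore is an absolute path, as in the sample above.

# prop FILE KEY: print the last uncommented value of KEY (empty if unset).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_tomcat_props() {
    file=$1; findings=0
    port=$(prop "$file" httpsPort)
    store=$(prop "$file" httpsKeyStore)
    pass=$(prop "$file" httpsKeyStorePassword)
    if [ -z "$port" ]; then
        echo "FAIL httpsPort is not set"; findings=1
    fi
    if [ -z "$store" ]; then
        echo "FAIL httpsKeyStore is not set"; findings=1
    elif [ ! -f "$store" ]; then
        echo "FAIL keystore not found: $store"; findings=1
    elif [ -n "$(find "$store" -perm -004)" ]; then
        echo "WARN keystore is world-readable: $store"; findings=1
    fi
    if [ "$pass" = "secret" ]; then
        echo "WARN keystore password is the known value from step 6"; findings=1
    fi
    # tomcat.properties stores the keystore password in clear text.
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "WARN world-readable file holds the password: $file"; findings=1
    fi
    return "$findings"
}

# Constructed sample mirroring step 8; prints the findings for it.
demo() {
    d=$(mktemp -d)
    touch "$d/example.com.jks"; chmod 644 "$d/example.com.jks"
    printf '%s\n' '#httpsPort=8090' 'httpsPort=8090' \
        "httpsKeyStore=$d/example.com.jks" \
        'httpsKeyStorePassword=secret' > "$d/tomcat.properties"
    chmod 644 "$d/tomcat.properties"
    rc=0; audit_tomcat_props "$d/tomcat.properties" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

To audit a real installation, source the file and run audit_tomcat_props /usr/local/WowzaStreamingEngine/manager/conf/tomcat.properties; the keystore contains the private key, so both files should be readable only by the account that runs the Manager.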