WebRTC/RTP Server: Helpers

From AVObjects Knowledge Base
(Difference between revisions)
Jump to: navigation, search
 
(39 intermediate revisions by one user not shown)
Line 8: Line 8:
 
Before you can start using the HTTPS protocol to communicate with a WRTP server, you need to create, install, and bind certificates.
 
Before you can start using the HTTPS protocol to communicate with a WRTP server, you need to create, install, and bind certificates.
  
1. '''Creating certificates''' (2 certificates will be created).The following procedure is used to create test certificates:<br>
+
==Creating certificates==
  
a). Installing mkcert.exe
+
To create 2 debug certificates for testing the HTTPS protocol, you need to do the following:
 +
 
 +
1). Installing mkcert.exe
 
* open https://github.com/FiloSottile/mkcert/releases
 
* open https://github.com/FiloSottile/mkcert/releases
 
* download the mkcert-v1.4.4-windows-amd64.exe file to the "C:\Program Files\mkcert" folder (create this folder) and rename it to mkcert.exe.
 
* download the mkcert-v1.4.4-windows-amd64.exe file to the "C:\Program Files\mkcert" folder (create this folder) and rename it to mkcert.exe.
 
* add "C:\Program Files\mkcert" to PATH (system variables):<br>Settings -> System -> About -> Advanced system settings -> Enviroment variables -> System variables\Path: press "Edit..." -> Press "New" -> put "C:\Program Files\mkcert" -> press OK -> press OK -> press OK -> Close Settings.About
 
* add "C:\Program Files\mkcert" to PATH (system variables):<br>Settings -> System -> About -> Advanced system settings -> Enviroment variables -> System variables\Path: press "Edit..." -> Press "New" -> put "C:\Program Files\mkcert" -> press OK -> press OK -> press OK -> Close Settings.About
 
+
<br>
b). Creating CA certificate (<user name> is name of curent user).
+
2). Creating CA certificate (<user name> is name of curent user).
 
* remove old CA certificate from "C:\Users\<user name>\AppData\Local\mkcert" folder
 
* remove old CA certificate from "C:\Users\<user name>\AppData\Local\mkcert" folder
 
* open Windows console (command prompt or Windows terminal) with administrator rights
 
* open Windows console (command prompt or Windows terminal) with administrator rights
Line 25: Line 27:
  
 
* The files "rootCA.pem" and "rootCA-key.pem" should have been created in the "C:\Users\<user name>\AppData\Local\mkcert" folder. Move them to some folder where you will store your certificates.
 
* The files "rootCA.pem" and "rootCA-key.pem" should have been created in the "C:\Users\<user name>\AppData\Local\mkcert" folder. Move them to some folder where you will store your certificates.
 
+
<br>
c). Creating work certificate cert.my for 4 names.<br>
+
3). Creating work certificate cert.my for 4 names.<br>
 
NOTE. IP address '''192.168.1.999''' is used as server IP address, please change it to your real IP address.
 
NOTE. IP address '''192.168.1.999''' is used as server IP address, please change it to your real IP address.
 
* in the console window (header "Administrator: Command") enter
 
* in the console window (header "Administrator: Command") enter
Line 39: Line 41:
  
 
* The files "cert.my+4.pem" and "cert.my+4-key.pem" should have been created in the "C:\Windows\System32" folder. Move them to some folder where you will store your certificates.
 
* The files "cert.my+4.pem" and "cert.my+4-key.pem" should have been created in the "C:\Windows\System32" folder. Move them to some folder where you will store your certificates.
 
+
<br>
d). Convert .pem files to .pfx files using the certutil tool.<br>
+
4). Convert .pem files to .pfx files using the certutil tool.<br>
 
* rename your .pem files:
 
* rename your .pem files:
 
&emsp;&emsp;'''rootCA.pem''' -> '''rootCA.cer'''<br>
 
&emsp;&emsp;'''rootCA.pem''' -> '''rootCA.cer'''<br>
Line 72: Line 74:
 
The file "cert.my+4.pfx" should have been created in the '''<folder with certificates>'''.
 
The file "cert.my+4.pfx" should have been created in the '''<folder with certificates>'''.
  
2. Installing both certificates using the Microsoft Management Console.
+
==Installing certificates==
a). Open MMC
+
Both certificates are installed using the Microsoft Management Console:
 +
 
 +
1). Open MMC
 
* Windows Start -> Run -> mmc -> OK -> Yes
 
* Windows Start -> Run -> mmc -> OK -> Yes
 
* Microsoft Management Console: Menu "File" -> "Add/Remove Snap-in..." -> "Add or Remove Snap-ins" dialog
 
* Microsoft Management Console: Menu "File" -> "Add/Remove Snap-in..." -> "Add or Remove Snap-ins" dialog
Line 80: Line 84:
 
* "Select Computer" dialog: select "Local computer ..." (default) -> press "Finish" -> "Add or Remove Snap-ins"
 
* "Select Computer" dialog: select "Local computer ..." (default) -> press "Finish" -> "Add or Remove Snap-ins"
 
* "Add or Remove Snap-ins" dialog: press "OK" button
 
* "Add or Remove Snap-ins" dialog: press "OK" button
 
+
<br>
b). Adding CA certificate rootCA.pfx
+
2). Adding CA certificate rootCA.pfx
 
* "Certificates (Local Computer)" -> "Trusted Root Certification Authorities" -> "Certificates" -> right mouse button -> "All Tasks" -> "Import..." -> "Certificate Import Wizard"
 
* "Certificates (Local Computer)" -> "Trusted Root Certification Authorities" -> "Certificates" -> right mouse button -> "All Tasks" -> "Import..." -> "Certificate Import Wizard"
 
* "Certificate Import Wizard" -> press "Next" -> "File to import" dialog
 
* "Certificate Import Wizard" -> press "Next" -> "File to import" dialog
Line 89: Line 93:
 
* "Completing the Certificate Import Wizard" -> press "Finish"
 
* "Completing the Certificate Import Wizard" -> press "Finish"
 
* If all is OK: box with "The import was successful" will be shown -> press "OK"
 
* If all is OK: box with "The import was successful" will be shown -> press "OK"
Now you can see certificate "mkcert <user name>\..." in "Trusted Root Certification Authorities" -> "Certificates".
+
Now you can see certificate "mkcert <user name>\..." in "Trusted Root Certification Authorities" -> "Certificates".<br>
  
c). Adding work certificate cert.my+4.pfx
+
3). Adding work certificate cert.my+4.pfx<br>
 
* "Certificates (Local Computer)" -> "Personal" -> "Certificates" -> right mouse button -> "All Tasks" -> "Import..." -> "Certificate Import Wizard"
 
* "Certificates (Local Computer)" -> "Personal" -> "Certificates" -> right mouse button -> "All Tasks" -> "Import..." -> "Certificate Import Wizard"
 
* "Certificate Import Wizard" -> press "Next" -> "File to import" dialog
 
* "Certificate Import Wizard" -> press "Next" -> "File to import" dialog
Line 99: Line 103:
 
* "Completing the Certificate Import Wizard" -> press "Finish"
 
* "Completing the Certificate Import Wizard" -> press "Finish"
 
* If all is OK: box with "The import was successful" will be shown -> press "OK"
 
* If all is OK: box with "The import was successful" will be shown -> press "OK"
Now you can see certificate Issued To "<user name>\..." Issued By "mkcert <user name>\..." in "Personal" -> "Certificates".
+
Now you can see certificate Issued To "<user name>\..." Issued By "mkcert <user name>\..." in "Personal" -> "Certificates".<br>
  
3. Certificate binding
+
==Binding certificate==
 +
To use a working certificate (cert.my+4.pfx), it must be bound to an address:port.<br>
 
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netsh-http
 
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netsh-http
  
Line 113: Line 118:
 
&emsp;&emsp;'''netsh http delete sslcert ipport=127.0.0.1:50000'''
 
&emsp;&emsp;'''netsh http delete sslcert ipport=127.0.0.1:50000'''
  
Options.
+
===Options.===
  
 
'''certhash''': The certificate hash (often represented as a thumbprint) of the SSL certificate to be bound. It can be obtained (for example) from mmc (Microsoft Management Console):
 
'''certhash''': The certificate hash (often represented as a thumbprint) of the SSL certificate to be bound. It can be obtained (for example) from mmc (Microsoft Management Console):
Line 126: Line 131:
 
* "Certificate" dialog -> tab "Details" -> select "Thumbprint" field -> copy certhash
 
* "Certificate" dialog -> tab "Details" -> select "Thumbprint" field -> copy certhash
  
'''appid''': Any GUID can be used as appid (is this an atavism? I (DKN) don't know, but also GUID_NULL can be used).
+
'''appid''': You can use any GUID as the appid (is this an atavism? It was tested with GUID_NULL - everything works fine, no issues found).
  
 
'''certstorename''': The name of the certificate store where the SSL certificate is located, default is "MY" ("Personal")
 
'''certstorename''': The name of the certificate store where the SSL certificate is located, default is "MY" ("Personal")
 +
 +
==Using HTTPS==
 +
Now you can test the WRTP server's operation over HTTPS on your local computer, for example: https://127.0.0.1:50000
 +
<br>If you want to test WebRTC/RTP server playback from another computer on your local network, you should install the used CA certificate (rootCA.pfx) on that computer.
 +
 +
<br>If you have any notes, comments or suggestions about the information on this page, please contact us at [mailto:support@avobjects.com support@avobjects.com]
  
 
[[Category: Helpers]]
 
[[Category: Helpers]]
 
__NOTOC__
 
__NOTOC__

Latest revision as of 17:43, 28 December 2025

This page is a copy of the original page on the AVObjects' web site and can also be viewed here.

Steps required to use the HTTPS protocol.

Before you can start using the HTTPS protocol to communicate with a WRTP server, you need to create, install, and bind certificates.

Creating certificates

To create 2 debug certificates for testing the HTTPS protocol, you need to do the following:

1). Installing mkcert.exe

  • open https://github.com/FiloSottile/mkcert/releases
  • download the mkcert-v1.4.4-windows-amd64.exe file to the "C:\Program Files\mkcert" folder (create this folder) and rename it to mkcert.exe.
  • add "C:\Program Files\mkcert" to PATH (system variables):
    Settings -> System -> About -> Advanced system settings -> Enviroment variables -> System variables\Path: press "Edit..." -> Press "New" -> put "C:\Program Files\mkcert" -> press OK -> press OK -> press OK -> Close Settings.About


2). Creating CA certificate (<user name> is name of curent user).

  • remove old CA certificate from "C:\Users\<user name>\AppData\Local\mkcert" folder
  • open Windows console (command prompt or Windows terminal) with administrator rights
  • in the console window (header "Administrator: Command") enter:

  mkcert -install
  > Created a new local CA
  In "Security Warning" Dialog : press Yes
  > The local CA is now installed in the system trust store!

  • The files "rootCA.pem" and "rootCA-key.pem" should have been created in the "C:\Users\<user name>\AppData\Local\mkcert" folder. Move them to some folder where you will store your certificates.


3). Creating work certificate cert.my for 4 names.
NOTE. IP address 192.168.1.999 is used as server IP address, please change it to your real IP address.

  • in the console window (header "Administrator: Command") enter

  mkcert cert.my localhost 127.0.0.1 ::1 192.168.1.999
  > Created a new certificate valid for the following names
  > - "cert.my"
  > - "localhost"
  > - "127.0.0.1"
  > - "::1"
  > - "192.168.1.999"
  > The certificate is at "./cert.my+4.pem" and the key at "./cert.my+4-key.pem"

  • The files "cert.my+4.pem" and "cert.my+4-key.pem" should have been created in the "C:\Windows\System32" folder. Move them to some folder where you will store your certificates.


4). Convert .pem files to .pfx files using the certutil tool.

  • rename your .pem files:

  rootCA.pem -> rootCA.cer
  rootCA-key.pem -> rootCA.key
  cert.my+4.pem -> cert.my+4.cer
  cert.my+4-key.pem -> cert.my+4.key

  • In the console window (header "Administrator: Command"), go to the folder containing the certificates:

  cd <folder with certificates>

  • convert rootCA.cer and rootCA.key files to rootCA.pfx

  certutil -MergePFX rootCA.cer rootCA.pfx
  > Signature test passed
  > Enter new password for output file rootCA.pfx:
  > Enter new password:
  ******<Enter>
  > Confirm new password:
  ******<Enter>
  > CertUtil: -MergePFX command completed successfully.
The file "rootCA.pfx" should have been created in the <folder with certificates>.

  • convert cert.my+4.cer and cert.my+4.key files to cert.my+4.pfx

  certutil -MergePFX cert.my+4.cer cert.my+4.pfx
  > Signature test passed
  > Enter new password for output file cert.my+4.pfx:
  > Enter new password:
  ******<Enter>
  > Confirm new password:
  ******<Enter>
  > CertUtil: -MergePFX command completed successfully.
The file "cert.my+4.pfx" should have been created in the <folder with certificates>.

Installing certificates

Both certificates are installed using the Microsoft Management Console:

1). Open MMC

  • Windows Start -> Run -> mmc -> OK -> Yes
  • Microsoft Management Console: Menu "File" -> "Add/Remove Snap-in..." -> "Add or Remove Snap-ins" dialog
  • "Add or Remove Snap-ins" dialog: select "Certrificates" -> press "Add" -> "Certificates snap-in" dialog
  • "Certificates snap-in" dialog : select "Computer account" -> press "Next >" -> "Select Computer" dialog
  • "Select Computer" dialog: select "Local computer ..." (default) -> press "Finish" -> "Add or Remove Snap-ins"
  • "Add or Remove Snap-ins" dialog: press "OK" button


2). Adding CA certificate rootCA.pfx

  • "Certificates (Local Computer)" -> "Trusted Root Certification Authorities" -> "Certificates" -> right mouse button -> "All Tasks" -> "Import..." -> "Certificate Import Wizard"
  • "Certificate Import Wizard" -> press "Next" -> "File to import" dialog
  • "File to import" dialog -> put "rootCA.pfx" with path to "File Name:" or use "Browse..." to select "rootCA.pfx" file (use the drop-down list to the right of the "File name:" field to select .pfx file) -> press "Next" -> "Private key protection" dialog
  • "Private key protection" -> enter CA certificate password from step 1d). to "Password" -> press "Next"
  • "Certificate Store" -> select "Place all certificates ..." : "Trusted Root Certification Authorities" (selected by default) -> press "Next"
  • "Completing the Certificate Import Wizard" -> press "Finish"
  • If all is OK: box with "The import was successful" will be shown -> press "OK"

Now you can see certificate "mkcert <user name>\..." in "Trusted Root Certification Authorities" -> "Certificates".

3). Adding work certificate cert.my+4.pfx

  • "Certificates (Local Computer)" -> "Personal" -> "Certificates" -> right mouse button -> "All Tasks" -> "Import..." -> "Certificate Import Wizard"
  • "Certificate Import Wizard" -> press "Next" -> "File to import" dialog
  • "File to import" dialog -> put "cert.my+4.pfx" with path to "File Name:" or use "Browse..." to select "cert.my+4.pfx" file (use the drop-down list to the right of the "File name:" field to select .pfx file) -> press "Next" -> "Private key protection" dialog
  • "Private key protection" -> enter work certificate password from step 1d). to "Password" -> press "Next"
  • "Certificate Store" -> select "Place all certificates ..." : "Personal" (selected by default) -> press "Next"
  • "Completing the Certificate Import Wizard" -> press "Finish"
  • If all is OK: box with "The import was successful" will be shown -> press "OK"

Now you can see certificate Issued To "<user name>\..." Issued By "mkcert <user name>\..." in "Personal" -> "Certificates".

Binding certificate

To use a working certificate (cert.my+4.pfx), it must be bound to an address:port.
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netsh-http

Adds SSL certificate binding for a specified IP address and port, along with corresponding client certificate policies, to securely manage HTTPS connections for the HTTP Service:
  netsh http add sslcert ipport=127.0.0.1:50000 certhash=0123456789abcdef0123456789abcdef01234567 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

Shows a list of SSL server certificate bindings for the specified ipport:
  netsh http show sslcert ipport=127.0.0.1:50000

Deletes SSL server certificate bindings for the specified ipport:
  netsh http delete sslcert ipport=127.0.0.1:50000

Options.

certhash: The certificate hash (often represented as a thumbprint) of the SSL certificate to be bound. It can be obtained (for example) from mmc (Microsoft Management Console):

  • Windows Start -> Run -> mmc -> OK -> Yes
  • Microsoft Management Console: Menu "File" -> "Add/Remove Snap-in..." -> "Add or Remove Snap-ins" dialog
  • "Add or Remove Snap-ins" dialog: select "Certrificates" -> press "Add" -> "Certificates snap-in" dialog
  • "Certificates snap-in" dialog : select "Computer account" -> press "Next >" button -> "Select Computer" dialog
  • "Select Computer" dialog: select "Local computer ..." (selected by default) -> press "Finish" button -> "Add or Remove Snap-ins" dialog
  • "Add or Remove Snap-ins" dialog: press "OK" button
  • select "Certificates (Local Computer)" -> "Personal" -> "Certificates"
  • double left mouse click on wanted certificate -> "Certificate" dialog
  • "Certificate" dialog -> tab "Details" -> select "Thumbprint" field -> copy certhash

appid: You can use any GUID as the appid (is this an atavism? It was tested with GUID_NULL - everything works fine, no issues found).

certstorename: The name of the certificate store where the SSL certificate is located, default is "MY" ("Personal")

Using HTTPS

Now you can test the WRTP server's operation over HTTPS on your local computer, for example: https://127.0.0.1:50000
If you want to test WebRTC/RTP server playback from another computer on your local network, you should install the used CA certificate (rootCA.pfx) on that computer.


If you have any notes, comments or suggestions about the information on this page, please contact us at support@avobjects.com

Retrieved from "http://wiki.avobjects.com/index.php?title=WebRTC/RTP_Server:_Helpers&oldid=15455"
Personal tools