WebRTC/RTP Server: Helpers

2025-12-28T08:56:04Z

Dkn:

{{This|Helpers/webrtc_server.html}}

==Steps required to use the HTTPS protocol.==

Before you can start using the HTTPS protocol to communicate with a WRTP server, you need to create, install, and bind certificates.

==Creating certificates==

To create 2 debug certificates for testing the HTTPS protocol, you need to do the following:

1). Installing mkcert.exe
* open https://github.com/FiloSottile/mkcert/releases
* download the mkcert-v1.4.4-windows-amd64.exe file to the "C:\Program Files\mkcert" folder (create this folder) and rename it to mkcert.exe.
* add "C:\Program Files\mkcert" to PATH (system variables): Settings -> System -> About -> Advanced system settings -> Enviroment variables -> System variables\Path: press "Edit..." -> Press "New" -> put "C:\Program Files\mkcert" -> press OK -> press OK -> press OK -> Close Settings.About
 
2). Creating CA certificate (<user name> is name of curent user).
* remove old CA certificate from "C:\Users\<user name>\AppData\Local\mkcert" folder
* open Windows console (command prompt or Windows terminal) with administrator rights
* in the console window (header "Administrator: Command") enter:
&emsp;&emsp;'''mkcert -install''' 
&emsp;&emsp;''> Created a new local CA'' 
&emsp;&emsp;In "Security Warning" Dialog : press '''Yes''' 
&emsp;&emsp;''> The local CA is now installed in the system trust store!'' 

* The files "rootCA.pem" and "rootCA-key.pem" should have been created in the "C:\Users\<user name>\AppData\Local\mkcert" folder. Move them to some folder where you will store your certificates.
 
3). Creating work certificate cert.my for 4 names. 
NOTE. IP address '''192.168.1.999''' is used as server IP address, please change it to your real IP address.
* in the console window (header "Administrator: Command") enter
&emsp;&emsp;'''mkcert cert.my localhost 127.0.0.1 ::1 192.168.1.999''' 
&emsp;&emsp;''> Created a new certificate valid for the following names'' 
&emsp;&emsp;''> - "cert.my"'' 
&emsp;&emsp;''> - "localhost"'' 
&emsp;&emsp;''> - "127.0.0.1"'' 
&emsp;&emsp;''> - "::1"'' 
&emsp;&emsp;''> - "192.168.1.999"'' 
&emsp;&emsp;''> The certificate is at "./cert.my+4.pem" and the key at "./cert.my+4-key.pem"'' 

* The files "cert.my+4.pem" and "cert.my+4-key.pem" should have been created in the "C:\Windows\System32" folder. Move them to some folder where you will store your certificates.
 
4). Convert .pem files to .pfx files using the certutil tool. 
* rename your .pem files:
&emsp;&emsp;'''rootCA.pem''' -> '''rootCA.cer''' 
&emsp;&emsp;'''rootCA-key.pem''' -> '''rootCA.key''' 
&emsp;&emsp;'''cert.my+4.pem''' -> '''cert.my+4.cer''' 
&emsp;&emsp;'''cert.my+4-key.pem''' -> '''cert.my+4.key'''

* In the console window (header "Administrator: Command"), go to the folder containing the certificates:
&emsp;&emsp;'''cd <folder with certificates>'''

* convert rootCA.cer and rootCA.key files to rootCA.pfx
&emsp;&emsp;'''certutil -MergePFX rootCA.cer rootCA.pfx''' 
&emsp;&emsp;''> Signature test passed'' 
&emsp;&emsp;''> Enter new password for output file rootCA.pfx:'' 
&emsp;&emsp;''> Enter new password:'' 
&emsp;&emsp;'''******<Enter>''' 
&emsp;&emsp;''> Confirm new password:'' 
&emsp;&emsp;'''******<Enter>''' 
&emsp;&emsp;''> CertUtil: -MergePFX command completed successfully.'' 
The file "rootCA.pfx" should have been created in the '''<folder with certificates>'''.

* convert cert.my+4.cer and cert.my+4.key files to cert.my+4.pfx
&emsp;&emsp;'''certutil -MergePFX cert.my+4.cer cert.my+4.pfx''' 
&emsp;&emsp;''> Signature test passed'' 
&emsp;&emsp;''> Enter new password for output file cert.my+4.pfx:'' 
&emsp;&emsp;''> Enter new password:'' 
&emsp;&emsp;'''******<Enter>''' 
&emsp;&emsp;''> Confirm new password:'' 
&emsp;&emsp;'''******<Enter>''' 
&emsp;&emsp;''> CertUtil: -MergePFX command completed successfully.'' 
The file "cert.my+4.pfx" should have been created in the '''<folder with certificates>'''.

==Installing certificates==
Both certificates are installed using the Microsoft Management Console:

1). Open MMC
* Windows Start -> Run -> mmc -> OK -> Yes
* Microsoft Management Console: Menu "File" -> "Add/Remove Snap-in..." -> "Add or Remove Snap-ins" dialog
* "Add or Remove Snap-ins" dialog: select "Certrificates" -> press "Add" -> "Certificates snap-in" dialog
* "Certificates snap-in" dialog : select "Computer account" -> press "Next >" -> "Select Computer" dialog
* "Select Computer" dialog: select "Local computer ..." (default) -> press "Finish" -> "Add or Remove Snap-ins"
* "Add or Remove Snap-ins" dialog: press "OK" button
 
2). Adding CA certificate rootCA.pfx
* "Certificates (Local Computer)" -> "Trusted Root Certification Authorities" -> "Certificates" -> right mouse button -> "All Tasks" -> "Import..." -> "Certificate Import Wizard"
* "Certificate Import Wizard" -> press "Next" -> "File to import" dialog
* "File to import" dialog -> put "rootCA.pfx" with path to "File Name:" or use "Browse..." to select "rootCA.pfx" file (use the drop-down list to the right of the "File name:" field to select .pfx file) -> press "Next" -> "Private key protection" dialog
* "Private key protection" -> enter CA certificate password from step 1d). to "Password" -> press "Next"
* "Certificate Store" -> select "Place all certificates ..." : "Trusted Root Certification Authorities" (selected by default) -> press "Next"
* "Completing the Certificate Import Wizard" -> press "Finish"
* If all is OK: box with "The import was successful" will be shown -> press "OK"
Now you can see certificate "mkcert <user name>\..." in "Trusted Root Certification Authorities" -> "Certificates". 

3). Adding work certificate cert.my+4.pfx 
* "Certificates (Local Computer)" -> "Personal" -> "Certificates" -> right mouse button -> "All Tasks" -> "Import..." -> "Certificate Import Wizard"
* "Certificate Import Wizard" -> press "Next" -> "File to import" dialog
* "File to import" dialog -> put "cert.my+4.pfx" with path to "File Name:" or use "Browse..." to select "cert.my+4.pfx" file (use the drop-down list to the right of the "File name:" field to select .pfx file) -> press "Next" -> "Private key protection" dialog
* "Private key protection" -> enter work certificate password from step 1d). to "Password" -> press "Next"
* "Certificate Store" -> select "Place all certificates ..." : "Personal" (selected by default) -> press "Next"
* "Completing the Certificate Import Wizard" -> press "Finish"
* If all is OK: box with "The import was successful" will be shown -> press "OK"
Now you can see certificate Issued To "<user name>\..." Issued By "mkcert <user name>\..." in "Personal" -> "Certificates". 

==Binding certificate==
To use a working certificate (cert.my+4.pfx), it must be bound to an address:port. 
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netsh-http

Adds SSL certificate binding for a specified IP address and port, along with corresponding client certificate policies, to securely manage HTTPS connections for the HTTP Service: 
&emsp;&emsp;'''netsh http add sslcert ipport=127.0.0.1:50000 certhash=0123456789abcdef0123456789abcdef01234567 appid={00112233-4455-6677-8899-AABBCCDDEEFF}'''

Shows a list of SSL server certificate bindings for the specified ipport: 
&emsp;&emsp;'''netsh http show sslcert ipport=127.0.0.1:50000'''

Deletes SSL server certificate bindings for the specified ipport: 
&emsp;&emsp;'''netsh http delete sslcert ipport=127.0.0.1:50000'''

===Options.===

'''certhash''': The certificate hash (often represented as a thumbprint) of the SSL certificate to be bound. It can be obtained (for example) from mmc (Microsoft Management Console):
* Windows Start -> Run -> mmc -> OK -> Yes
* Microsoft Management Console: Menu "File" -> "Add/Remove Snap-in..." -> "Add or Remove Snap-ins" dialog
* "Add or Remove Snap-ins" dialog: select "Certrificates" -> press "Add" -> "Certificates snap-in" dialog
* "Certificates snap-in" dialog : select "Computer account" -> press "Next >" button -> "Select Computer" dialog
* "Select Computer" dialog: select "Local computer ..." (selected by default) -> press "Finish" button -> "Add or Remove Snap-ins" dialog
* "Add or Remove Snap-ins" dialog: press "OK" button
* select "Certificates (Local Computer)" -> "Personal" -> "Certificates"
* double left mouse click on wanted certificate -> "Certificate" dialog
* "Certificate" dialog -> tab "Details" -> select "Thumbprint" field -> copy certhash

'''appid''': You can use any GUID as the appid (is this an atavism? It was tested with GUID_NULL - everything works fine, no issues found).

'''certstorename''': The name of the certificate store where the SSL certificate is located, default is "MY" ("Personal")

==Using HTTPS==
Now you can test the WRTP server's operation over HTTPS on your local computer, for example: https://127.0.0.1:50000
 If you want to test WebRTC/RTP server playback from another computer on your local network, you should install the used CA certificate (rootCA.pfx) on that computer.

 If you have any notes, comments or suggestions about the information on this page, please contact us at [mailto:support@avobjects.com support@avobjects.com]

[[Category: Helpers]]
__NOTOC__

WebRTC/RTP Server: Using HTTPS

2025-12-28T08:48:20Z

Dkn: Created page with "   {{This|Using HTTPS/webrtc_server.html}} ==..."

{{This|Using HTTPS/webrtc_server.html}}

===Steps required to use the HTTPS protocol.===

[[Category: Using HTTPS]]
__NOTOC__

Pipe for ffmpeg: Settings

2025-10-23T12:08:12Z

Dkn:

Filter interface and command line preparation for [[Pipe for ffmpeg]] DirectShow filter. 
Interface IAVOPipeFFmpeg can be found in file <filter installation directory>\Idl\PipeFF.idl

===Command line===

The command line includes the following sections: 
'''<Path to ffmpeg.exe> <INPUT> [<Common options>] [<Coding[0]> ... <Coding[N]>] <Output file>''' 

where: 

'''- <Path to ffmpeg.exe>''' : The full name of the ffmpeg.exe module. Specified by the user. If IAVOPipeFFmpeg::PutExe(bsExe) is called with bsExe == NULL or *bsExe = 0, ffmpeg.exe will be searched in the .exe (application) or .dll (filter) folders. 

'''- <INPUT>''' : Input stream and pipe parameters. These are set by the filter based on the connection media types and predefined parameters. 

'''- <Common options>''': the following options can be specified in this section 
* Input stream modifications (resize, aspect ratio, frame rate, sample rate, etc.); 
* Trimming (start, end, duration, etc.); 
* Encoding options (encoders, bitrate, profile, etc.); 
* Additional parameters ("-y" for overwriting, "-loglevel", "-report", etc.); 
NOTE: ":stream_specifier" must be set according to ffmpeg docs (-c:v, -b:a:1, etc.). 
<Common options> section is optional, some parameters can be specified in the <Coding> sections. 

'''- <Coding[n]>''': encoding parameters for stream n (for the stream number, only connected pins are taken into account). Stream parameters can be retrieved using IAVOPipeFFmpeg::GetPinParams(nPin, ...). Features of this section: 

* The codec used can be specified in the first word of this part, the codec name starts with a letter, for example: mpeg2video, mpeg4, libx264, aac, ac3, ... The codec option and stream_specifier will be automatically added before the codec name, for example for video stream 0: "-c:v:0", for audio stream 5: "-c:a:5", etc. 
* Partial options are allowed: ":stream_specifier" can be omitted after the option name, it will be automatically added for known options (see [:stream_specifier] in ffmpeg docs). If ":stream_specifier" is found after the option name, it will be changed to the actual "stream_type:additional_stream_specifier" by filter. 
Examples of <Coding>:
Video stream 1: "mpeg4 -b 1150k -maxrate:v 1150k" converted to "-c:v:1 mpeg4 -b:v:1 1150k -maxrate:v:1 1150k"
Audio stream 2: "mp2 -b:a 224k" converted to "-c:a:2 mp2 -b:a:2 224k"
Audio stream 0: "-codec aac -b 128K" converted to "-c:a:0 aac -b:a:0 128K"
<Coding[n]> sections are optional, parameters can be specified in <Common options>. 

'''- <Output file>''' : the full name of the output file. The file type is determined by the extension, unless changed in the <Common options> section with the "-f" option. This part is mandatory.

===Use cases===
To create the ffmpeg command line, the IAVOPipeFFmpeg interface functions are used (see Idl\PipeFF.idl). There are two main methods for using these functions to create
a command line: 

'''1.''' For users unfamiliar with ffmpeg syntax and for quick usage: 
<Common options> is used for actual "common" properties: "-y", "-loglevel", "-report", etc. 
<Coding[N]> is used to select the encoder. You can also set the bitrate and other parameters. 

[[Image:PipeFF-coding.jpg|800px|Using <Coding> section.]] 

 
'''2.''' For advanced ffmpeg users 
You can put all ffmpeg options in <Common options> and leave <Coding[N]> empty. 
<Common options> line on picture: "-c:v mpeg4 -b:v 2000K -c:a:0 aac -b:a:0 128K -c:a:1 ac3 -b:a:1 192K -y" 

[[Image:PipeFF-common.jpg|800px|Using <Common options> section.]] 

A combination of these methods is also possible. 

If you have any questions, this information is not sufficient, or you have any additional requests, please contact us at [mailto:support@avobjects.com support@avobjects.com]

AVObjects Knowledge Base - New pages [en]

WebRTC/RTP Server: Helpers

WebRTC/RTP Server: Using HTTPS

Pipe for ffmpeg: Settings