Forum

TLSV 1.2 Certificate

Carlo 2020-06-16 21:54:25 UTC in Nimble Streamer

Hi,
I would like to know if the TLSV 1.2 Certificate is compatible with RTMPS, RTSPS and HLS protocols.
If it is compatible, how can I install TLSV 1.2 Certificate on Nimble Streamer?
If I have an encoder like ffmpeg, I have to install the TLSV 1.2 Certificate only on the Nimble Streamer server or on the encoder too?
I’m new in these kind of things so I need an help, please!
Thank you
Carlo

Alex Pokotilo 2020-06-17 02:47:27 UTC 

Hi,
>I would like to know if the TLSV 1.2 Certificate is compatible with RTMPS, RTSPS and HLS protocols.
I'm not sure what you mean by 'TLSV 1.2 Certificate' but Nimble streamer works via TLS 1.2 on old OSes and works via TLS 1.3 on new OSes like Ubuntu 18.04, 20.04. So I think answer to your question is 'yes'.

>If I have an encoder like ffmpeg, I have to install the TLSV 1.2 Certificate only on the Nimble Streamer server or on the encoder too?
you need to install certificate only on Nimble Streamer.
please find some links for the subject
https://blog.wmspanel.com/2014/12/ssl-hls-mpeg-dash-icecast-https-support.html
https://blog.wmspanel.com/2019/02/rtmps-ssl-rtmp-nimble-streamer.html
https://blog.wmspanel.com/2019/08/using-certbot-letsencrypt-nimble-streamer.html

please also try to find answers first via https://softvelum.com/search/ as most of them, like this one, already answered

carlosgambato19@gmail.com 2020-06-17 14:13:54 UTC 

Thank you for the answer, Alex.
I have a doubt: to get an encrypted transmission i also have to install the certificate on the encoder (ffmpeg)?
How can i protect my streaming using the protocol RTMP or RSTP?
Can i generate the certificates by using OpenSSL?
Thank you
Carlo

Sergei 2020-06-18 01:01:28 UTC 

Hello, Carlos.

If you want to use RTMPS, then you need to install SSL on Nimble only, but you will also need a special build of FFMPEG, that supports RTMPS. Please consult FFMPEG documentation on it.
If you mean protecting publishing to the Nimble streamer, you can use user/password that is set up in Global tab, or set up Publish Control to use a signature, as described in the following page:
https://blog.wmspanel.com/2015/12/rtsp-publish-control-setup.html
If you mean viewing, please use WMSAuth hotlink protection as described in the following page:
https://softvelum.com/paywall/hotlink_protection/

You can generate certificates with OpenSSL, but note, that it will be self-signed.
Thank you

Gastone 2020-06-18 11:25:26 UTC 

Hello, thanks a lot for your answers. I'm working with Carlo at the project and I'm sure we haven't explained our aim completely.
Essentially we would love to "protect" and encrypt the whole streaming chain end to end. We would like to stream RTMPS from our encoders (which should be authenticated and encrypted at the same time) and then transmux those streams into HLS and distribute those with encryption again (probably on an HTML5 page via HTTPS). Since our content is very sensible we really need to have encryption all the way. Also probably we will need DRM (but that's something we'll understand further down the line).
So the questions are:
Is there any way to push RTMPS and RTSPS streams on nimble?
If so, where and what are the options to use them? (we don't seem to find an interface for those)
Do we need to use TLS v1.3 (v stands for version) certificates to stream RTMPS and RTSPS on nimble?
Also, I know this is not a question related to Nimble Streamer but we are quite new to the streaming world, what key are RTMPS and RTSPS using to encrypt the streams?
Are they using the username and password to generate the encryption? Or do we need a kind of certificate on the encoder side to properly encrypt those streams?

Thanks a lot for your help

Yury 2020-06-19 01:06:14 UTC 

Hi Gaston,

Please send these questions to our helpdesk so we could answer there.

Post a reply


Post a new question

Categories:

This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the Privacy Policy. If you want to know more or withdraw your consent to all or some of the cookies, please refer to the Privacy Policy.
By closing this banner, scrolling this page, clicking a link or continuing to browse otherwise, you agree to the use of cookies.