Setting up software SSL in Breeze 5
Breeze 5 supports both software (native) Secure Sockets Layer (SSL) and hardware SSL accelerators such as BigIP's F5 or Radware.
This article discusses software SSL configuration only. If you need assistance with a hardware SSL accelerator solution, you may contact Adobe enablement services for further consultation.
Before getting into the software SSL configuration, be aware that Breeze has two modules: Breeze presentation + training, and Breeze Meeting. Either or both of these modules can be secured using SSL, so the first question to ask yourself is which module you want to secure. Securing Breeze presentation + training means securing only the web application (HTTPS traffic); securing only Breeze Meeting means securing the RTMPS traffic.
To obtain the SSL certificate to install on the Breeze server, you first need to generate your own CSR file.
Securing Only the Web Application (HTTPS Traffic):
To secure the web application (Breeze presentation + training), only one IP address is required. The IP address must have a Fully Qualified Domain Name (FQDN) assigned, and you need one SSL certificate from an authoritative vendor, such as Verisign.
Securing Only the Breeze Meeting (RTMPS Traffic):
To secure the Breeze Meeting, only one IP address is needed. The IP address must have a Fully Qualified Domain Name (FQDN) assigned, and you need one SSL certificate from an authoritative vendor, such as Verisign.
Securing Both the Web Application (HTTPS) and Breeze Meeting (RTMPS):
To secure both the Web Application and the Breeze Meeting, two IP addresses are needed. Each IP address must have a Fully Qualified Domain Name (FQDN) assigned, and you need two SSL certificates from an authoritative vendor, such as Verisign.
Generating Certificate Signing Request (CSR) To Be Signed by Certifying Authority (CA):
Before we begin discussing the SSL configuration, you will need to obtain an SSL certificate from any vendor that issues SSL certificates. To obtain the SSL certificate, you must first generate an SSL Certificate Signing Request (CSR) file on which your final SSL certificate will be based. The CSR will contain the specific information about your company and FQDN on which the SSL will be installed. The CSR is a digital file that you will be sending to a Certifying Authority (CA) to be signed into a real SSL certificate. Web browsers will be able to decode and understand that your SSL certificate is signed by a valid CA.
There are different methods of generating a CSR file using your own server, such as IIS or the Apache web server. If you do not have access to a web server to generate a CSR file, you can use the OpenSSL utility. The OpenSSL utility is a server application and can be used to generate a CSR file. It is available on UNIX, Mac OS X and Windows platforms. Most UNIX and Mac OS X systems have the OpenSSL utility pre-installed; if yours does not, the OpenSSL installer can be found at http://www.openssl.org/. The Windows installer can be found at http://www.slproweb.com/products/Win32OpenSSL.html. If you have access to a UNIX box such as Linux, chances are that you have openssl installed. It is normally located in /usr/bin/openssl; if it is not in that path, you can use the UNIX command find or locate to search for the openssl command.
If openssl was not installed on your UNIX system, you can obtain a copy from the OpenSSL web site. If you prefer to install OpenSSL on Windows, you can download the binary from the Shining Light Productions web site.
Instructions on how to use OpenSSL to generate a CSR file can be found on the Verisign and the Apache Software Foundation web sites. You can generate a self-signed certificate, for testing purposes only, at Verisign. Self-signed certificates do not work in securing Breeze Meeting. You will need to obtain a valid SSL certificate in order to implement SSL for Breeze Meeting.
SSL Encryption Bits Supported by Breeze:
There are different levels of encryption available, such as 40, 56, 128, 256 and 512 bits. The more bits, the stronger the encryption and the more difficult it is to break. One thing you should take into consideration is that not all web browsers support all the different bit lengths. Breeze, however, supports any of them. Breeze supports the PEM certificate format, which is based on OpenSSL and is Base 64 encoded.
Installing the SSL certificates:
Breeze does not require the SSL certificate to be installed in a specific folder or location. However, we recommend that you install the SSL certificates (in PEM format) into the Breeze installed folder, such as C:\Breeze.
How do you get the PEM file format for the SSL certificates? When you receive the CRT file from your CA, you can rename the file from .crt to .pem. Not all customers will have a separate private and public key file.
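Renaming only yields a usable file when the CA delivered the certificate as Base 64 text. The check below is an added example, not part of the original article: it classifies a file as PEM or binary DER, lists the PEM blocks it holds (a combined file carries both certificate and key) and reports whether the private key is passphrase-protected. The function names and sample bytes are constructed for illustration.

```python
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed samples (placeholder bytes, not real key material).
DER_SAMPLE = b"\x30\x82\x00\x04\x02\x01\x01\x05"
COMBINED_SAMPLE = (
    b"-----BEGIN CERTIFICATE-----\nMIIA\n-----END CERTIFICATE-----\n"
    b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    b"DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n"
    b"-----END RSA PRIVATE KEY-----\n")


def inspect_cert_file(data):
    """Classify a file before naming it in SSLCertificateFile/KeyFile."""
    blocks = PEM_BLOCK.findall(data.decode("latin-1"))
    info = {"format": "unknown", "blocks": [b[0] for b in blocks],
            "has_key": False, "key_encrypted": False}
    if blocks:
        keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
        info["format"] = "pem"
        info["has_key"] = bool(keys)
        # An encrypted key needs a passphrase; both PEM encodings are checked.
        info["key_encrypted"] = any(
            label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body
            for label, body in keys)
    elif data[:1] == b"\x30":
        # ASN.1 SEQUENCE tag: binary DER, which renaming to .pem does not fix.
        info["format"] = "der"
    return info


def to_pem(data):
    """Return PEM text, converting a DER certificate instead of renaming it."""
    fmt = inspect_cert_file(data)["format"]
    if fmt == "der":
        return ssl.DER_cert_to_PEM_cert(data)
    if fmt == "pem":
        return data.decode("ascii")
    raise ValueError("not a PEM or DER file")


if __name__ == "__main__":
    print(inspect_cert_file(DER_SAMPLE))
    print(inspect_cert_file(COMBINED_SAMPLE))
    print(to_pem(DER_SAMPLE))
```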
Securing Only the Breeze Web Application (HTTPS Traffic):
You will need only one IP address and FQDN assigned to the IP address and an SSL certificate. The example we will be using is 64.1.2.3 and the FQDN is breeze.adobe.com. We assume that you have an SSL certificate already generated.
- Log on to the Breeze system.
- Navigate to the C:\Breeze\comserv\win32\conf\_defaultRoot_\ folder and back up the Adaptor.xml file.
- Open Adaptor.xml in a text editor.
- Add these lines after the <Adaptor> directive by copying and pasting (modify only the info that is in italics):
<SSL>
  <Edge name="webapp">
    <SSLServerCtx>
      <SSLCertificateFile>C:\breeze\customerssl.pem</SSLCertificateFile>
      <SSLCertificateKeyFile type="PEM">C:\breeze\customerkey.pem</SSLCertificateKeyFile>
      <SSLPassPhrase>mypassphrase</SSLPassPhrase>
      <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
      <SSLSessionTimeout>5</SSLSessionTimeout>
    </SSLServerCtx>
  </Edge>
</SSL>
Note: The SSLPassPhrase is the passphrase for the certificate key pair.
- Search for <HostPort name="edge1">${DEFAULT_FCS_HOSTPORT}</HostPort>
- Add the line below after the line found in step 5:
<HostPort name="webapp" ctl_channel=":19351">:-443</HostPort>
Note: This line will ensure that the Breeze web application is secured and it is using HTTPS.
- Save the Adaptor.xml file.
- Navigate to the C:\Breeze\comserv\win32\conf\_defaultRoot_\remote\ folder.
- Back up the Vhost.xml file.
- Open the Vhost.xml file in a text editor.
- Search for the line below:
<RouteEntry></RouteEntry>
- Replace with the line below:
<RouteEntry protocol="rtmp">*:*;127.0.0.1:1935</RouteEntry>
Note: For clustering environments, use the following:
<RouteEntry protocol="rtmp">*:*;*:1935</RouteEntry>
- Save the Vhost.xml file.
- Open the C:\Breeze\custom.ini file and add the following lines (left align these lines):
# Begin of the SSL configuration
ADMIN_PROTOCOL=https://
SSL_ONLY=yes
HTTP_PORT=8080
HTTPS_PORT=8443
#End of the SSL configuration
- If you are running Breeze 5.1, do not add the following line to the custom.ini file:
HTTP_PORT=8080
Instead, launch the Application Management Console on the Breeze server as follows:
http://localhost:8510/console
and type 8080 in the HTTP_PORT field, which can be found by clicking the Server Settings link.
- Save the custom.ini file.
- Open the Services in the Control Panel under Administrative Tools. Stop Macromedia Breeze Application Service and Flash Communication Administration Server. The system will also prompt you to stop the Flash Communication Server (FlashCom).
- Start Flash Communication Server (FlashCom). This will automatically start the Flash Communication Administration Server. The Macromedia Breeze Application Service must be started as well.
- Log in to the Breeze manager to test the SSL configuration by entering https://breeze.adobe.com/
Securing Only the Breeze Meeting (RTMPS Traffic):
You will need only one IP address and FQDN assigned to the IP address and an SSL certificate. The example we will be using is 64.1.2.3 and the FQDN is breeze.adobe.com. We assume that you have an SSL certificate already generated.
Note: Securing the meeting using software SSL is not supported on MacIntel based systems.
- Log on to the Breeze system.
- Navigate to the C:\Breeze\comserv\win32\conf\_defaultRoot_\ folder and back up the Adaptor.xml file.
- Open Adaptor.xml in a text editor.
- Add these lines after the <Adaptor> directive by copying and pasting (modify only the info that is in italics):
<SSL>
  <Edge name="meeting">
    <SSLServerCtx>
      <SSLCertificateFile>C:\breeze\customerssl.pem</SSLCertificateFile>
      <SSLCertificateKeyFile type="PEM">C:\breeze\customerkey.pem</SSLCertificateKeyFile>
      <SSLPassPhrase>mypassphrase</SSLPassPhrase>
      <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
      <SSLSessionTimeout>5</SSLSessionTimeout>
    </SSLServerCtx>
  </Edge>
</SSL>
Note: The SSLPassPhrase is the passphrase for the certificate key pair.
- Search for <HostPort name="edge1">${DEFAULT_FCS_HOSTPORT}</HostPort>
- Replace the line in step 5 with the two lines below:
<HostPort name="edge1" ctl_channel=":19350">:1935</HostPort>
<HostPort name="meeting" ctl_channel=":19351">64.1.2.3:-443</HostPort>
Note: These two lines will ensure that the Breeze Meeting is secured and that it is using RTMPS while allowing the web application to serve with HTTP (unencrypted).
- Save the Adaptor.xml file.
- Navigate to the C:\Breeze\comserv\win32\conf\_defaultRoot_\remote\ folder.
- Back up the Vhost.xml file.
- Open the Vhost.xml file in a text editor.
- Search for the line below:
<RouteEntry></RouteEntry>
- Replace with this line:
<RouteEntry protocol="rtmp">*:*;127.0.0.1:1935</RouteEntry>
Note: For clustering environments, use the following:
<RouteEntry protocol="rtmp">*:*;*:1935</RouteEntry>
- Save the Vhost.xml file.
- Open the C:\Breeze\custom.ini file and add the following lines:
# Begin of the SSL configuration
DEFAULT_FCS_HOSTPORT=:-443,1935
RTMP_SEQUENCE=rtmps://edge-host:443/?rtmp://host:1935/
#End of the SSL configuration
Note: Left align these lines.
- Save the custom.ini file.
- Open the Services in the Control Panel under Administrative Tools. Stop Macromedia Breeze Application Service and Flash Communication Administration Server. This will also stop the Flash Communication Server (FlashCom).
- Start Flash Communication Server (FlashCom). This will also start Flash Communication Administration Server. Macromedia Breeze Application Service must also be started.
- Log in to the Breeze manager to test the SSL configuration by entering http://breeze.adobe.com/. The meeting URL does not contain HTTPS; however, when you log in to the meeting room, you will see a lock in the connection light that is located in the upper right-hand corner of your meeting room. This is the indication that you are connecting to the meeting securely.
Securing Both the Web Application (HTTPS) and Breeze Meeting (RTMPS):
This example uses the IP addresses 64.1.2.3 and 64.1.2.4, with the FQDNs breeze.adobe.com and meeting.adobe.com respectively. We will not discuss how you obtain the two SSL certificates required. We assume that you have SSL certificates already generated.
Note: Securing the meeting using software SSL is not supported on MacIntel based systems.
- Log on to the Breeze system.
- Navigate to the C:\Breeze\comserv\win32\conf\_defaultRoot_\ folder and back up the Adaptor.xml file.
- Open Adaptor.xml in a text editor.
- Add these lines after the <Adaptor> directive by copying and pasting (modify only the info that is in italics):
<SSL>
  <Edge name="meeting">
    <SSLServerCtx>
      <SSLCertificateFile>C:\breeze\meetingssl.pem</SSLCertificateFile>
      <SSLCertificateKeyFile type="PEM">C:\breeze\meetingkey.pem</SSLCertificateKeyFile>
      <SSLPassPhrase>mypassphrase</SSLPassPhrase>
      <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
      <SSLSessionTimeout>5</SSLSessionTimeout>
    </SSLServerCtx>
  </Edge>
  <Edge name="webapp">
    <SSLServerCtx>
      <SSLCertificateFile>C:\breeze\webappssl.pem</SSLCertificateFile>
      <SSLCertificateKeyFile type="PEM">C:\breeze\webappkey.pem</SSLCertificateKeyFile>
      <SSLPassPhrase>mypassphrase</SSLPassPhrase>
      <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
      <SSLSessionTimeout>5</SSLSessionTimeout>
    </SSLServerCtx>
  </Edge>
</SSL>
- In the same file, remove this line:
<HostPort name="edge1">${DEFAULT_FCS_HOSTPORT}</HostPort>
- Replace with these lines:
<HostPort name="edge1" ctl_channel=":19350">:1935</HostPort>
<HostPort name="meeting" ctl_channel=":19351">64.1.2.4:-443</HostPort>
<HostPort name="webapp" ctl_channel=":19352">64.1.2.3:-443</HostPort>
- Save the Adaptor.xml file.
- Navigate to the C:\Breeze\comserv\win32\conf\_defaultRoot_\remote\ folder.
- Back up the Vhost.xml file.
- Open the Vhost.xml file in a text editor.
- Search for the line below:
<RouteEntry></RouteEntry>
- Replace with this line:
<RouteEntry protocol="rtmp">*:*;127.0.0.1:1935</RouteEntry>
Note: For clustering environments, use the following:
<RouteEntry protocol="rtmp">*:*;*:1935</RouteEntry>
- Save the Vhost.xml file.
- Open the C:\Breeze\custom.ini file and add the following lines:
# Begin of the SSL configuration
DEFAULT_FCS_HOSTPORT=:-443,1935
HTTPS_PORT=8443
HTTP_PORT=8080
ADMIN_PROTOCOL=https://
SSL_ONLY=yes
RTMP_SEQUENCE=rtmps://edge-host:443/?rtmp://host:1935/
#End of the SSL configuration
#NOTE: Left align these lines
- If you are running Breeze 5.1, do not add the following line to the custom.ini file:
HTTP_PORT=8080
Instead, launch the Application Management Console on the Breeze server as follows:
http://localhost:8510/console
and type 8080 in the HTTP_PORT field, which can be found by clicking the Server Settings link.
- Save the custom.ini file.
- Open the Services in the Control Panel under Administrative Tools. Stop Macromedia Breeze Application Service and Flash Communication Administration Server. The system will also prompt you to stop the Flash Communication Server (FlashCom).
- Start Flash Communication Server (FlashCom). This will automatically start the Flash Communication Administration Server. The Macromedia Breeze Application Service must be started as well.
- Launch the Application Console Manager either using http://localhost:8510/console or Start > Programs > Macromedia Breeze > Configure Breeze.
- Click the Server Settings and configure as follows:
Breeze Host: breeze.adobe.com
External Name: meeting.adobe.com
- Save the changes.
- Log in to the Breeze manager to test the SSL configuration by entering https://breeze.adobe.com/
- If you see a lock in the center of the connection light that is located in the top right corner of your meeting browser window, that means the meeting is serving over an SSL connection.
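The Adaptor.xml edits in the three procedures above depend on each <Edge name="..."> certificate block pairing with a <HostPort> of the same name. The following lint is an added example, not part of the original article or of Breeze, and reports mismatches before the services are restarted. It assumes, from the article's ":-443" entries, that a leading "-" marks the SSL port and that two SSL listeners cannot share one IP address and port (the reason two IP addresses are asked for); check_adaptor and the sample file are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the "secure both" Adaptor.xml edits from this article
# (trimmed), with the "-" dropped from the webapp HostPort by mistake.
SAMPLE = r"""<Adaptor>
  <SSL>
    <Edge name="meeting"><SSLServerCtx>
      <SSLCertificateFile>C:\breeze\meetingssl.pem</SSLCertificateFile>
    </SSLServerCtx></Edge>
    <Edge name="webapp"><SSLServerCtx>
      <SSLCertificateFile>C:\breeze\webappssl.pem</SSLCertificateFile>
    </SSLServerCtx></Edge>
  </SSL>
  <HostPort name="edge1" ctl_channel=":19350">:1935</HostPort>
  <HostPort name="meeting" ctl_channel=":19351">64.1.2.4:-443</HostPort>
  <HostPort name="webapp" ctl_channel=":19352">64.1.2.3:443</HostPort>
</Adaptor>"""


def check_adaptor(xml_text):
    """Return findings about how <Edge> SSL blocks and <HostPort> lines pair up."""
    root = ET.fromstring(xml_text)
    findings, secure, channels = [], {}, {}
    edges = {e.get("name") for e in root.iter("Edge")}
    for hp in root.iter("HostPort"):
        name, ctl = hp.get("name"), hp.get("ctl_channel")
        host, _, ports = (hp.text or "").strip().rpartition(":")
        for port in ports.split(","):
            if port.startswith("-"):  # assumption: "-" marks the SSL port
                secure.setdefault(name, []).append((host or "*", port[1:]))
        if ctl and ctl in channels:
            findings.append(f"ctl_channel {ctl} used by {channels[ctl]} and {name}")
        channels.setdefault(ctl, name)
    for name in sorted(edges - set(secure)):
        findings.append(f"Edge '{name}' has no HostPort with an SSL ('-') port")
    for name in sorted(set(secure) - edges):
        findings.append(f"HostPort '{name}' has an SSL port but no <Edge> block")
    binds = [b for pairs in secure.values() for b in pairs]
    for host, port in sorted(set(binds)):
        if binds.count((host, port)) > 1:
            findings.append(f"{host}:{port} is claimed by more than one SSL listener")
    return findings


if __name__ == "__main__":
    for line in check_adaptor(SAMPLE):
        print(line)
```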
To configure software SSL on Adobe Connect 6 Enterprise Server, please review the Configuration Guide (PDF format).
