Setting Up Adobe Connect With SSL

Feb 02, 2009

This is a full walkthrough; I'm writing this due to a few speed bumps that I ran into when installing Adobe Connect 7 Pro with SSL for the first time and due to the number of people that I found who were maybe even more confused than I was. Now that my install is working, the Adobe documentation seems very clear to me and I have no idea why I had issues, so I will attempt to slightly clarify what has already been written as well as add in some extra information and steps to smooth out the bumps. This install process will take you from the very beginning to the very end of setup [after initial install].

  1. Download OpenSSL from SourceForge (complete package except source)
  2. Run [<openssl install path>\bin\openssl.exe]
    • This will open an OpenSSL command prompt

  3. Generate your private keys, which will be put into your [<openssl install path>\bin] directory, by running
    • genrsa -des3 -out connect.mydomain.com.key.pem 1024
    • genrsa -des3 -out connectmeeting.mydomain.com.key.pem 1024

  4. Generate your certificate signing requests, which will be put into the same directory as above, by running the commands below. If you are running this on Windows, you may get an "Unable to load config info" error. If you do, add the argument [-config "<openssl install path>\share\openssl.cnf"]
    • req -new -key connect.mydomain.com.key.pem -out connect.mydomain.com.csr
    • req -new -key connectmeeting.mydomain.com.key.pem -out connectmeeting.mydomain.com.csr

  5. Answer the prompts produced by the commands in step 4, skipping the email address, the challenge password and the optional company name (at the end).

  6. Send your generated CSR files (the .csr files from step 4) to your Certificate Authority to get your certificates

  7. Copy your PEM keys from step 3 into the root install folder of Adobe Connect
    1. Open them both with your text editor of choice.
    2. Now open the two certificates (.cer files) that you received from your certificate authority (from step 6), also with your text editor of choice.
    3. Now paste the contents of each .cer file at the end of its respective .pem file.
  8. Your connect.mydomain.com and connectmeeting.mydomain.com DNS entries should already be configured
    • Make sure that you don't have any HOST entries on the server for testing purposes for these 2 entries. I believe this caused an issue for me.

  9. Open [<connect install path>\comserv\win32\conf\_defaultRoot_\Adaptor.xml]. After making a backup, replace the <SSL>*</SSL> block a little more than halfway down with the following, updating the bracketed & bolded text with your own information.
    <SSL>
          <Edge name="applicationserver">
                <SSLServerCtx>
                      <SSLCertificateFile>[<connect install path>\connect.mydomain.com.key.pem]</SSLCertificateFile>
                      <SSLCertificateKeyFile type="PEM">[<connect install path>\connect.mydomain.com.key.pem]</SSLCertificateKeyFile>
                      <SSLPassPhrase>[mypassphrase]</SSLPassPhrase>
                      <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
                      <SSLSessionTimeout>5</SSLSessionTimeout>
                </SSLServerCtx>
          </Edge>
          <Edge name="meetingserver">
                <SSLServerCtx>
                      <SSLCertificateFile>[<connect install path>\connectmeeting.mydomain.com.key.pem]</SSLCertificateFile>
                      <SSLCertificateKeyFile type="PEM">[<connect install path>\connectmeeting.mydomain.com.cert.cer]</SSLCertificateKeyFile>
                      <SSLPassPhrase>[mypassphrase]</SSLPassPhrase>
                      <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
                      <SSLSessionTimeout>5</SSLSessionTimeout>
                </SSLServerCtx>
          </Edge>
    </SSL>


  10. In the same Adaptor.xml file as above, find the <HostPortList> node. There will most likely only be one uncommented line that will look like:
    <HostPort name="edge1">${DEFAULT_FCS_HOSTPORT}</HostPort>
    Replace this node with the following two:
    <HostPort name="applicationserver" ctl_channel=":19351">[your application server ip]:-443</HostPort>
    <HostPort name="meetingserver" ctl_channel=":19350">[your meeting server ip]:-443</HostPort>

    Save and Close the Adaptor.xml file

  11. Open [<connect install path>\custom.ini] and add to the end of the file the following code:
    ADMIN_PROTOCOL = https://
    SSL_ONLY = yes
    HTTPS_PORT = 8443
    RTMP_SEQUENCE = rtmps://external-host:443/?rtmp://localhost:8506/

    You will not change ANYTHING in this code block, leave as is.
    Save and Close the custom.ini file

  12. Open [<connect install path>\comserv\win32\conf\_defaultRoot_\_defaultVHost_\VHost.xml]. After making a backup, find the <RouteEntry> node, which should be empty:
    <RouteEntry></RouteEntry>
    And replace it with:
    <RouteEntry protocol="rtmp">*:*;*:${ORIGIN_PORT}</RouteEntry>
    There is no need to make any changes to this entry.
    Save and Close the VHost.xml file

  13. Restart Services: Adobe Connect Enterprise Server & Adobe Connect Meeting Server

  14. Open the Application Management Console
    1. http://localhost:8510/console
      OR
    2. Start» All Programs» Adobe Connect Enterprise Server» Configure Adobe Connect Enterprise Server

  15. Under Server Settings
    1. Change the Connect Pro Host to your: connect.mydomain.com
    2. Change the Host Mappings External Name to: connectmeeting.mydomain.com

  16. Restart Services: Adobe Connect Enterprise Server & Adobe Connect Meeting Server
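
A check for steps 7 and 9, added here as an example (it is not part of the original post or of Adobe's tooling): it confirms that a combined file has the private key first with the certificate pasted after it, and that each file named in the <SSL> block holds the kind of PEM block its tag needs. The function names, file paths and PEM bodies are constructed for illustration; the sample's meetingserver entry mirrors step 9 by pointing SSLCertificateKeyFile at a certificate-only .cer file.

```python
import re
import xml.etree.ElementTree as ET

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def pem_labels(text):
    """Return the PEM block labels in the order they appear in the file."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def check_combined_pem(text):
    """Problems with a step-7 file: private key first, certificate pasted after."""
    labels, problems = pem_labels(text), []
    if not labels or not labels[0].endswith("PRIVATE KEY"):
        problems.append("first block is not a private key")
    if "CERTIFICATE" not in labels[1:]:
        problems.append("no certificate after the private key")
    if "CERTIFICATE REQUEST" in labels:
        problems.append("contains the CSR instead of the issued certificate")
    return problems

def check_adaptor(ssl_xml, files):
    """Per <Edge>, list referenced files lacking the block their tag needs."""
    wanted = (("SSLCertificateFile", "CERTIFICATE"), ("SSLCertificateKeyFile", "PRIVATE KEY"))
    findings = {}
    for edge in ET.fromstring(ssl_xml).iter("Edge"):
        problems = []
        for tag, need in wanted:
            path = edge.findtext("SSLServerCtx/" + tag, "").strip()
            if not any(l.endswith(need) for l in pem_labels(files.get(path, ""))):
                problems.append(tag + " has no " + need + " block: " + path)
        findings[edge.get("name")] = problems
    return findings

# Constructed sample data: placeholder bodies and paths, not real key material.
KEY = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
CERT = "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
FILES = {r"C:\connect\app.key.pem": KEY + CERT,      # key, then certificate
         r"C:\connect\meeting.key.pem": KEY + CERT,
         r"C:\connect\meeting.cert.cer": CERT}       # certificate only
SAMPLE_SSL = r"""<SSL>
 <Edge name="applicationserver"><SSLServerCtx>
  <SSLCertificateFile>C:\connect\app.key.pem</SSLCertificateFile>
  <SSLCertificateKeyFile type="PEM">C:\connect\app.key.pem</SSLCertificateKeyFile>
 </SSLServerCtx></Edge>
 <Edge name="meetingserver"><SSLServerCtx>
  <SSLCertificateFile>C:\connect\meeting.key.pem</SSLCertificateFile>
  <SSLCertificateKeyFile type="PEM">C:\connect\meeting.cert.cer</SSLCertificateKeyFile>
 </SSLServerCtx></Edge>
</SSL>"""
```

Calling check_adaptor(SAMPLE_SSL, FILES) returns an empty list for applicationserver and one finding for meetingserver; to use it on a real install, read each referenced file into the `files` mapping before the service restart in step 13.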


Your Adobe Connect server should now be responsive and redirect anyone who comes in on port 80 over to SSL. Please feel free to add any further suggestions for this install path in the comments!

Related Post: Adobe Connect's API From ColdFusion With SSL

Comments

cc wrote on 02/05/09 4:53 PM

Hi there, your example of the SSL conf for the application server in adaptor.xml uses the same pem file for key and cert. In my experience this will fail or at least generate some nasty warnings. Since you have a separate key and cert file for the meeting server I guess this is just a mistake?

Russell Brown wrote on 02/06/09 12:25 PM

My usage of the PEM is by the book per Adobe's setup recommendations; it's just not horribly obvious, nor are you told how to do it. My first thoughts as well were that this won't work, but it does. The order in which you have your certs is EXTREMELY important and if you follow my setup guide, it should get you exactly what is needed. We've been running with a production setup of this for 3 days with no SSL issues.

Matt wrote on 03/05/09 4:08 AM

Excellent walkthrough! We were just starting to look at SSL for Adobe Connect 7 Pro, so this is really useful. Ultimately we would want SSL for the authentication only and non-encrypted traffic for the rest. Do you know if that's possible?

Russell Brown wrote on 03/05/09 8:24 AM

There are 4 ways you can configure Adobe Connect and SSL:
  1. No SSL
  2. All SSL
  3. SSL on application server only
  4. SSL on meeting server only

I'm guessing you will want option number 4. This won't allow you to wrap ONLY authentication in SSL, but at least just your user web-interface will be and your meetings will be over http.

Matt wrote on 03/06/09 3:47 AM

Thanks!

Brad wrote on 03/16/09 5:49 PM

Actually Matt, you will want #3. This secures the authentication portion, but leaves the meeting portion in RTMP rather than RTMPS.

The authentication happens in the Application, not the meeting server.

As for cc's post: both will work. You can put the private key in the same file or in a different file.

Also, one thing to note is that you could use a wildcard certificate and point both the meeting app and the web app to the same wildcard certificate. This is often less expensive if you have a cluster of Connect servers that you want to secure.

Also, please make sure to get the SSL patch from Adobe Support if you are running Connect 7. 7 SP3 will include the patch but it is not released yet.

Cheers,
Brad

Jared S wrote on 03/27/09 1:27 PM

Great walk through,

We are in the process of securing our connect server. We realize that Adobe states in their documentation that "you must have an ssl certificate for each meeting server." Why is this? If the dns configuration is simply managed with sub domains, won't one certificate handle all subdomains, and thus all meeting servers?

JP wrote on 04/09/09 12:02 AM

Thanks for the info, you really can find anything on a google search!

Suzan wrote on 02/18/10 10:31 AM

Question: Our Adobe connect is hosted with Adobe. My adobe connect url is www.workforce.acrobat.com. But I want it to be www.webinars.workforcecentralflorida.com to help my website rankings and have my videos found easier. Any idea of how to do this or even if it is possible? Would appreciate your assistance. Thanks..

Russell Brown wrote on 02/18/10 10:34 AM

I would contact Adobe hosting support. I'm not sure if they support this.

Suzan wrote on 02/18/10 2:32 PM

I contacted my vendor and he said "no". Just thought that companies like WordPress offer this option. Thanks for responding...
