Macromedia Flash Media Server 2 - Managing Flash Media Server User Manual
SSL support in Flash Media Server
Creating multiple certificates for an adaptor
You can configure Flash Media Server to return multiple certificates on a given adaptor by
configuring a certificate for each edge server:
■ Configure each HostPort tag in the Adaptor.xml file with a name attribute.
■ Configure each HostPort tag to return its own certificate by specifying an Edge tag under the SSL tag with a name attribute.
■ Match the value for this name attribute to the name attribute of the HostPort tag for this certificate.
For example, suppose you had the following two HostPort tags:
<HostPort name="edge1" ctl_channel=":19350">:1935,-443</HostPort>
<HostPort name="edge2" ctl_channel=":19351">:1936,-444</HostPort>
In this case, the SSL tag would contain the following information:
<SSL>
  <SSLServerCtx>
    <SSLCertificateFile>cert.pem</SSLCertificateFile>
    <SSLCertificateKeyFile>private.pem</SSLCertificateKeyFile>
    <SSLPassPhrase></SSLPassPhrase>
    <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
    <SSLSessionTimeout>5</SSLSessionTimeout>
  </SSLServerCtx>
  <Edge name="edge1">
    <SSLServerCtx>
      <SSLCertificateFile>cert2.pem</SSLCertificateFile>
      <SSLCertificateKeyFile>private2.pem</SSLCertificateKeyFile>
      <SSLPassPhrase></SSLPassPhrase>
      <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
      <SSLSessionTimeout>5</SSLSessionTimeout>
    </SSLServerCtx>
  </Edge>
</SSL>
This sample code demonstrates how to configure "edge1" to return cert2.pem when a client connects to it on port 443. Since there is no Edge tag for "edge2", "edge2" will use the default configuration specified in the SSLServerCtx section that is directly under the SSL container tag. The "edge2" server returns cert.pem when a client connects to it on port 444.
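Because a HostPort with no matching Edge tag falls back to the default SSLServerCtx, a mistyped name attribute results in the default certificate being served without any error. The following check is an added example, not part of the original manual or of Flash Media Server: it resolves which certificate each HostPort will return and lists Edge tags that match no HostPort. The `<Adaptor>` root wrapper, the function names, the `egde2` typo and `cert3.pem` are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real Adaptor.xml: only tags shown on this page,
# wrapped in an assumed <Adaptor> root. The Edge named "egde2" is a deliberate
# typo to show what a name mismatch looks like.
SAMPLE = """<Adaptor>
<HostPort name="edge1" ctl_channel=":19350">:1935,-443</HostPort>
<HostPort name="edge2" ctl_channel=":19351">:1936,-444</HostPort>
<SSL>
<SSLServerCtx><SSLCertificateFile>cert.pem</SSLCertificateFile></SSLServerCtx>
<Edge name="edge1">
<SSLServerCtx><SSLCertificateFile>cert2.pem</SSLCertificateFile></SSLServerCtx>
</Edge>
<Edge name="egde2">
<SSLServerCtx><SSLCertificateFile>cert3.pem</SSLCertificateFile></SSLServerCtx>
</Edge>
</SSL>
</Adaptor>"""


def cert_of(parent):
    """Return the SSLCertificateFile text directly under parent/SSLServerCtx."""
    node = parent.find("SSLServerCtx/SSLCertificateFile")
    return node.text.strip() if node is not None and node.text else None


def audit_adaptor(xml_text):
    """Map each HostPort name to the certificate it serves; list unmatched Edge names."""
    root = ET.fromstring(xml_text)
    ssl = root.find("SSL")
    if ssl is None:
        raise ValueError("no SSL tag found")
    default_cert = cert_of(ssl)
    edges = {e.get("name"): cert_of(e) for e in ssl.findall("Edge")}
    served, used = {}, set()
    for hp in root.findall("HostPort"):
        name = hp.get("name")
        # Assumption from this page's example: a leading minus (-443) marks the SSL port.
        ports = [p.split(":")[-1].strip() for p in (hp.text or "").split(",")]
        secure = [p[1:] for p in ports if p.startswith("-")]
        if edges.get(name):
            cert, source = edges[name], "edge"
            used.add(name)
        else:
            cert, source = default_cert, "default"
        served[name] = {"secure_ports": secure, "cert": cert, "source": source}
    orphans = sorted(set(edges) - used)  # Edge tags whose name matches no HostPort
    return served, orphans
```

On the constructed sample, "edge2" resolves to the default cert.pem and "egde2" is reported as an unmatched Edge tag, which is the signal that a per-edge certificate is not actually in use.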