Posts in Category "SSL"

Adobe Connect Edge Server Deployment Options: part 1

This article focuses on reverse proxy Connect Edge deployments: http://www.connectusers.com/tutorials/2011/06/edge_server_deploy/index.php

Changing the Help Links to use HTTPS://

For Licensed (On-Prem) Adobe Connect systems, the Help Links will still use HTTP:// instead of HTTPS:// if you have configured SSL for the web application.

To change the protocol for the help pages from http:// to https:// you will need to make a modification to the following file on each server in the Adobe Connect cluster:

\Connect\9.0.0.1\appserv\apps\system\help_redirect.xsl
The section you need to modify is:

<xsl:variable name=”redirectUrl”>

<xsl:choose>

<xsl:when test=”($configurableWebappHelp!=” and /results/params/param[@name=’help’]=$isWebappHelp)”>

<xsl:value-of select=”$configurableWebappHelp”/>

</xsl:when>

<xsl:when test=”($configurableLoginHelp!=” and /results/params/param[@name=’help’]=$isLoginHelp)”>

<xsl:value-of select=”$configurableLoginHelp”/>

</xsl:when>

<xsl:when test=”$HELP_HOST!=””>

<xsl:value-of select=”concat(‘http://‘, $HELP_HOST, ‘/’, $localeId, /results/params/param[@name=’help’])”/>

</xsl:when>

<xsl:otherwise>

<xsl:value-of select=”concat(‘http://‘, $ADMIN_HOST, ‘/common/help/’, $locale, /results/params/param

[@name=’help’])”/>

</xsl:otherwise>

</xsl:choose>

</xsl:variable>

 

Changing the http:// to https:// in both lines.
Save the file.
Then restart the Adobe Connect Service on each server in the cluster after making the change.

Securing Adobe Connect and CQ with Stunnel

We have created a PDF with step by step instructions to secure all the four components of Connect which are Web App, Meeting App, CQ Author and CQ Publish. Please go through the following Tech Note : http://helpx.adobe.com/adobe-connect/kb/secure-connect-cq.html

 

Generating the new SSL certificates for my Adobe Connect server.

ISSUE -: I want to purchase/deploy SSL certificates for my connect server.

SOLUTION -: This document is valid for software/hardware SSL configuration with Adobe connect server.

1. Download Openssl from here openssl

2. Follow the steps 2,3 and 4 from kbdoc http://blogs.adobe.com/connectsupport/generating-self-signed-certificates-for-adobe-connect/

3. Open command prompt and execute the command

cd C:\openssl\bin

openssl req -new -nodes -keyout myserver.key -out server.csr -newkey rsa:2048

This creates a two files on C:\openssl\bin

The file myserver.key contains a private key; do not disclose this file to anyone.

The file server.csr is Certificate Signing Request (CSR).

You will now be asked to enter details to be entered into your CSR.
What you are about to enter is what is called a Distinguished Name or a DN.

For some fields there will be a default value, If you enter ‘.’, the field will be left blank.

—–
Country Name (2 letter code) [US]: US
State or Province Name (full name) []: Texas
Locality Name (eg, city) []: Houston
Organization Name (eg, company) []: Your Company
Organizational Unit Name (eg, section) []: Your Department
Common Name (eg, YOUR name) []: my.connect.server.com
Email Address []:

Please enter the following ‘extra’ attributes to be sent with your certificate request

A challenge password []:
An optional company name []:
—–

Use the name of the connect server domain name as Common Name (CN).

The fields optional company name and challenge password can be left blank

Your CSR would now have been created on C:\openssl\bin . Open the server.csr in a text editor and copy and paste the contents into the trusted Certificates Issuing Authority (CIA) ( like verisign , thawte) enrollment form where you are requesting the SSL certificates to be generated.

Once the SSL certificates has been published via CIA  you can use it as SSL certificate file along with the key file myserver.key generated on step 3

Adobe Connect Stunnel prompting for passphrase when server/services restarts

PROBLEM -: Whenever the connect server is restarted , I cannot open the login page/meeting room stuck on connecting bar.

I have migrated/installed the SSL configuration to stunnel , When i start stunnel service , it prompts for passphrase

SOLUTION -: It looks like the key file has the passphrase and it needs to be removed.

1. Make sure that the S-Tunnel executable has been installed as a windows service and is set to automatic.

You can install the stunnel as windows service as per the steps below

Open command prompt and change the current prompt to stunnel directory as – cd C:\Breeze\x.x.x.x\stunnel

stunnel.exe -install

2. If you have a passphrase on your SSL certificates , Remove it using openssl command

You can download openssl from here openssl

To install openssl , follow the steps 2,3 and 4 from kbdoc http://blogs.adobe.com/connectsupport/generating-self-signed-certificates-for-adobe-connect/

3. Open Command Prompt and execute the command

cd C:\openssl\bin

openssl rsa -in certificate.key.current -out server.key.new

4 . The above command looks for certificate.key ( exsisting SSL key file) , removes the passphrase and generates the new key file server.key.new

5. Copy the server.key.new file , rename it according to the existing key file name convention under stunnel folder.

6. Restart the stunnel service to verify that the key file does not prompts for passphrase.

 

Generating Self signed certificates for Adobe Connect

PROBLEM -: I want to generate self signed certificates for our internal testing purpose. I need to apply SSL certificates on my connect server

SOLUTION :-

Please note that Adobe does not supports self signed certificates on production enviroment.

This is for internal testing purpose.

1. Download OpenSSL , You can download it from here openssl

2.Extract it on C:\

3. Windows 7/vista users might have to gain/allow the administrative rights prompt to extract/copy the files on C:\ , Alternate is to copy the openssl.zip file on any other location , unzip it and copy the extracted openssl folder on C:\

4. Make sure that the openssl.exe is located on C:\openssl\bin folder

5. Open command prompt and execute the command

cd C:\openssl\bin

openssl.exe req -x509 -nodes -days 365 -newkey rsa:2048 -keyout meeting-domain.com.key -out meeting-domain.com.crt

Provide the following information while generating the certificate files

Country Name

State/Province Name

Locality Name

Organization Name

Organization Unit Name

Common Name 

EMail Address

 

I have attached a screenshot for reference , Make sure that you provide the exact domain name of your connect server on common name information as highlighted in screenshot as well as in above step

 

When the process is completed , This would generate two files on C:\openssl\bin named as -:

meeting-domain.com.crt      –> Certificate file.

meeting-domain.com.key    –> Key file.

 

These two files (Certificate and key file)  are self signed SSL certificates and can be used to secure either the meeting connection or application server having the domain name my.connect.server.domain.com  as per the screenshot or as per the common name provided by you.

You can follow the SSL KB Doc to configure the SSL certificate/key file on your Adobe connect server

 

Adobe Connect connection test page fails in step 2 on Google Chrome

PROBLEM : – Adobe connect meeting connection test page fails in connection to FMS on Google chrome even though i have removed MS Patch (MS12-006 )which is conflicting with the TLS/SSL handshake

The same test page successfully completes step 2 on firefox web browser

Sample connection test page URL -: https://your-connect-url/common/help/en/support/meeting_test.htm

SOLUTION -: This is applicable when connect server is secured via SSL and chrome browser has Flash Pepper (PPAPI) plug-in

 Disable the default Flash Pepper (PPAPI) plug-in in Chrome 21 as per the screenshots

  

  1. Type chrome://plugins in a browser tab (Figure 1).
  2. Expand Details in the upper-right area of the screen (Figure 1).
  3. Click Disable for the PPAPI Flash plug-in. Ensure that the NPAPI Flash plug-in listed below the PPAPI Flash plug-in is not disabled.
  4. Refresh the browser tab.

 

Adobe Connect 8 | Login page not coming up after upgrade | SSL

Problem :

I upgraded my Adobe Connect 7 server to version 8 and I can’t get the login page to come up. I tried connecting to the admin console through localhost:8510/console and it doesn’t get through that either.

Reason :

Adobe Connect 8 requires an additional modification, in the configuration files, for SSL to be enabled. Starting Connect 8, we need to enable, the 8443 connector separately for SSL to work; the connector is turned off by default.

Solution :

If you have SSL configured and you are performing an upgrade to version 8, you are required to follow these steps, to enable SSL completely :

√ Navigate to {root}\Breeze\appserv\conf   folder on your Adobe Connect server

√  Save a backup copy of server.xml file

√  Now open the file in an editor

√  Search for the below tags and ensure that these lines are uncommented :

<Executor name=”httpsThreadPool”
namePrefix=”https-8443-“
maxThreads=”350″
minSpareThreads=”25″/>

<Connector port=”8443″ protocol=”HTTP/1.1″
executor=”httpsThreadPool”
enableLookups=”false”
acceptCount=”250″
connectionTimeout=”20000″
SSLEnabled=”false”
scheme=”https”
secure=”true”
proxyPort=”443″
URIEncoding=”utf-8″/>

√  Please note that these are two separate tags which can be located separately within the file.

√  Save the file and restart the Adobe Connect services.

 

Note  :  These settings are also applicable for your Adobe Connect 9 server with SSL configured.

 

Adobe Connect 8 unusual Firefox script errors

Problem :

My Adobe Connect site keeps displaying unusual javascript code or errors. Randomly, the images & content does gets partially loaded, but none of the links are usable. I am unable to browse my site or do anything on the server. I have tried all the latest browsers FF 11 & later, Chrome, IE9.

Reason :

If you’ve recently upgraded your Adobe Connect server to version 8 & you’re still continuing to use the legacy method to implement ssl through adaptor.xml, you are very likely to run into this issue, with the latest browser updates.

Solution :

Use Stunnel, the recommended and supported method, to secure your Adobe Connect 8 server. Stunnel comes with a support for the latest Openssl libraries and thus has compatibility, across all latest browser versions.

Adobe Connect has dropped support for the old method, configuring ssl through adaptor.xml. Adobe recommends users to start using Stunnel, which comes bundled with Connect 8 install, a more pertinent way to secure your server; & avoid running into any abnormal issues.

If you would like to know the steps to configure Stunnel, you may simply refer the following knowledge base article : http://helpx.adobe.com/adobe-connect/kb/configure-software-based-ssl-connect.html

Note : Contact Adobe Support if you come across any issues while setting this up.