An SSL certificate must be present on the server and https:// protocol must be used for streaming DRM content. The server is by default bound with our *swankmp.net certificate. We can accommodate your SSL cert for your custom URL. Or redirect to a swankmp.net address. Outlined below are the processes for 3 different scenarios.
Option 1: Create a new domain certificate owned by your organization.
- Send the domain name of your choosing to Swank (movies.domain-name.edu)
- Swank will send you back a new certificate request(csr) via encrypted email.
- You will then need to submit the request to an SSL provider.
- Once you receive the certificate back from your provider, you can share the certificate with us. This can be sent via encrypted email or just placed on the Windows customer user account desktop for retrieval.
-
The two main formats we can import to complete a Certificate Signing Request (CSR) in IIS are:
-
*.CER (or *.CRT, *.DER) - We can also use a PEM file that has been saved with a .cer or .crt extension.
-
*.P7B (or *.P7C)
-
-
- Swank will complete the certificate request to IIS on your streaming server and adjust the bindings to match the new certificate
Option 2: Use an existing domain certificate owned by your organization.
- Send the existing certificate in PFX format (including private key) with the password to Swank. This can be sent via encrypted email or just placed on the Windows customer user account desktop for retrieval.
-
Notes:
- PKCS#12 is essentially the same as a PFX and will also work.
-
PKCS#8 format will not work. IIS requires a certificate and private key to be imported together, and it expects them in a PFX format. PKCS#8 only contains the private key, so you'd need to combine it with the certificate (usually in PEM or DER format) and convert it to a PFX. One can be created using the OpenSSL utility. OpenSSL is not typically pre-installed in Windows systems but is usually found on most Linux and UNIX systems.
- Place your private key (with the KEY file name extension) and the certificate (with the CRT file name extension) in a directory. Using the command line interface, navigate to that directory with the cd command.
- Then use the following command to combine the two files into a single PFX -
-
openssl pkcs12 -export -out yourpfxname.pfx -inkey keyfile.key -in crtfile.crt
- Replace yourpfxname.pfx with your preferred name for the final PFX file.
- Replace keyfile.key with the name of the private key file.
- Replace crtfile.crt with the name of the certificate file.
- Create a password for the PFX if prompted to do so.
-
- If the command succeeds you should now find a new file with the PFX extension in the same directory.
-
- Swank copies certificate to server and imports into IIS
- Swank will import the certificate to IIS on your streaming server and adjust the bindings to match the imported certificate.
Option 3: Use the swankmp.net certificate. In this option, you can use the wildcard certificate that is pre-installed on the streaming server, and we will assign a customer specific subdomain / DNS entry to accommodate the SSL requirement.
- Send the sub domain name of your choosing to Swank (custom-name.swankmp.net) and IP address for the streaming server or the existing domain name for the streaming server.
- Swank creates the domain name custom-name.swankmp.net (2 options)
- As a CNAME record to movies.custom-name.edu
- Or as an A record to 10.101.200.221
- Allow for DNS propagation (1 hour)
- Swank will then adjust the bindings on the server to match the new certificate.
Note: You can advertise a custom URL and have the URL redirect to the swankmp.net page. **Your originating link must be HTTP in order to avoid SSL errors in Chrome**
- Example: advertise http://movies.school.edu --> redirects to https://movies-school-edu.swankmp.net
- To implement this, Swank will need to know what URL you will be advertising and will set up the redirect for you. Swank also manages all certificate updates and renewals
Comments
0 comments
Please sign in to leave a comment.