On-Premise Streaming - Server SSL Certificate

An SSL certificate must be present on the server and https:// protocol must be used for streaming DRM content. The server is by default bound with our *swankmp.net certificate. We can accommodate your SSL cert for your custom URL. Or redirect to a swankmp.net address. Outlined below are the processes for 3 different scenarios.

Option 1: Create a new domain certificate owned by your organization.

1. Send the domain name of your choosing to Swank (movies.domain-name.edu)
2. Swank will send you back a new certificate request(csr) via encrypted email.
3. You will then need to submit the request to an SSL provider.
4. Once you receive the certificate back from your provider, you can share the certificate with us. This can be sent via encrypted email or just placed on the Windows customer user account desktop for retrieval.
5. Swank will complete the certificate request to IIS on your streaming server and adjust the bindings to match the new certificate

Option 2: Use an existing domain certificate owned by your organization.

1. Send the existing certificate in PFX format (including private key) to Swank. This can be sent via encrypted email or just placed on the Windows customer user account desktop for retrieval.
2. Swank copies certificate to server and imports into IIS
3. Swank will import the certificate to IIS on your streaming server and adjust the bindings to match the imported certificate.

Option 3: Use the swankmp.net certificate.  In this option, you can use the wildcard certificate that is pre-installed on the streaming server, and we will assign a customer specific subdomain / DNS entry to accommodate the SSL requirement.

1. Send the sub domain name of your choosing to Swank (custom-name.swankmp.net) and IP address for the streaming server or the existing domain name for the streaming server.
2. Swank creates the domain name custom-name.swankmp.net (2 options)
   1. As a CNAME record to movies.custom-name.edu
   2. Or as an A record to 10.101.200.221
3. Allow for DNS propagation (1 hour)
4. Swank will then adjust the bindings on the server to match the new certificate.

Note: You can advertise a custom URL and have the URL redirect to the swankmp.net page. **Your originating link must be HTTP in order to avoid SSL errors in Chrome**

• Example: advertise http://movies.school.edu --> redirects to https://movies-school-edu.swankmp.net
• To implement this, Swank will need to know what URL you will be advertising and will set up the redirect for you. Swank also manages all certificate updates and renewals