Antmedia LDAPS Integration

[Iuri]

Hi!

I've been using Ant Media CE and so far I was able
to enable https (port 5443) and LDAP user authentication (port 589).

My LDAPS has a server certificate that was signed by the same CA that signed the Antmedia server certificate.

As far as I know, I must also add the LDAPS server certificate to Antmedia keystore file. Is that possible? How do I do that?

Regards

[Iuri]

I've been getting this error on my LDAP server (openldap):

closed (TLS negotiation failure)

[Selim Emre]

Hi Luri,

Have a good day. Sorry for the delay.

As I understand you want to compatible your SSL certificates with Ant Media Server. If you want to use specific SSL certificates in Ant Media Server, you need to change http.ssl_certificate_file, http.ssl_certificate_key_file and http.ssl_certificate_chain_file parameters from conf/red5.properties file. You can use Ant Media Server only one SSL certificate file. We haven't yet worked on multiple certificates working at Ant Media Server. I think it might be a good feature request. Thank you for that.

As far as I know, I must also add the LDAPS server certificate to Antmedia keystore file. Is that possible? How do I do that?

Are you sure you want to add your certificates to Ant Media Server? We don't have much experience with LDAPS. I just want to understand your case. Why are you want to add your certificates to Ant Media Server?

Looking forward to hearing from you soon. 

Best Regards,

Selim

[Iuri]

Hi Selim!

Thank you for your response. After reading several articles on the internet, I found out that the certificate must have the SAN (subject alternative name).

Then, I had to load the certificate to the cacert keystorein /usr/lib/jvm/java-11-openjdk-amd64/lib/security

sudo keytool -import -file /<location>/<ldadcertificate.pem> -keystore cacerts

Now, everything works fine.

Best regards,

Iuri

[Selim Emre]

Hi Luri,

Thank you for updating me. I am glad your issue was resolved.

Best Regards,

Selim