Configuring HTTPS
Zixi Broadcaster supports HTTPS encryption based on OpenSSL. Zixi Broadcaster expects certificate files in X.509 textual format (sometimes called ‘pem’) with a full chain of certificates, each one starts with “----BEGIN CERTIFICATE----", and the associated private key file, that starts with “----BEGIN PRIVATE KEY----". The certificate can be provided by an SSL/TLS certificate provider (Certification Authority) where the domain is registered, such as VeriSign, Digicert, etc.. Alternatively the certificate can be self-signed. A self-signed certificate is a certificate that is signed with its own private key. Self-signed certificates can be used to encrypt data just as well as CA-signed certificates, but your users will be displayed a warning that says that the certificate is not trusted by their computer or browser. Therefore, self-signed certificates should only be used if you do not need to prove your service’s identity to its users (e.g. non-production or non-public servers).Â
Obtaining a CA-signed Certificate
Reach out to the hosting provider for instructions on how to obtain a CA-signed HTTPS certificate. As part of this process, you will be required to generate a certificate signing request (CSR). A CSR consists mainly of the public key of a key pair, and some additional information. Both of these components are inserted into the certificate when it is signed. To learn more about generating a CSR, go to - https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs
Creating a Self-signed Certificate
Instead of obtaining a CA-signed certificate, you can create a self-signed certificate.Â
You can generate self-signed x.509 certs with OpenSSL by using the following command:
openssl req -x509 -newkey rsa:2048 -keyout selfsigned_key.pem -out selfsigned_cert.pem
To learn more about generating a self-signed certificate, go to -Â https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs
Uploading the Certificate and Private Key
After obtaining a CA-signed certificate or creating a self-signed one, you will need to upload the certificate and private key to Zixi Broadcaster.Â
To upload the certificate and private key:
Go to Settings > General.
Click + to expand the HTTPS and DTLS Streaming Certificate section.
In the Certificate Uploaded field, click Upload and select the certificate file. Â
In the Private Key Uploaded field, click Upload and select the Private Key.Â
In the Private Key Passphrase field, type the passphrase or leave empty (Default passphrase is empty, ignore the ‘****’).
Click Apply.Â
If the process was successful, the SSL setup status field will turn to "OK".Â