Adobe Connect SSL Install and CSR Creation Guide

Adobe Connect is a web conferencing software solution used by companies for conducting online meetings, webinars and training sessions. The solution is for adhoc collaboration as well as planned online meetings. The solution enables online audio and video collaboration across devices (including mobile platforms). Participants using desktops can join meetings without installing any software.

Adobe Connect Webinars offers features such as email integration and conference rooms that can be customized by users. The application also includes visualization tools such as polls, chat, whiteboards, and a console for mixing video streams for increasing participant engagement.

Adobe Connect has a web-based learning solution designed for interactive training. Presenters can monitor participant engagement, create persistent virtual classrooms, and integrate the software with an existing learning management system (LMS). Features such as games, quizzes, tests, and surveys allow businesses to use Adobe Connect in place of learning management system (LMS). Trainers can train employees directly from their mobile devices.

This guide will carry you through the following:

  1. Things you need
  2. CSR generation on adobe connect 7 pro
  3. SSL installation

1. Things you need

Depending on what you want to configure SSL for you need to have the following ready:

    1. If you want to configure SSL for both application (http) and meeting (rtmp) you need to have a second IP address for your server and a have a second DNS entry resolve to the second IP.
    2. If you want to configure SSL for both, application and meeting service, you need to request two certificates for your two names. I.e. one for “connect.mycompany.com” and one for “meeting01.mycompany.com”.

(Note, the second name used on the meeting server stays hidden from participants). Don’t use a passphrase on your SSL keys.

  1. If you also want to configure SSL for the AEM based Events service, you’ll need two more IPs and two more names and two more certificates.
  2. Your certificates should be in a .pem format and SSL key and cert should be in separate files.
  3. Unless you want to use another external device to terminate SSL such as a load balancer, you will need the Stunnel installer, so download the latest and greatest version now: http://www.stunnel.org/downloads.html.

2. Creating CSRs and Private Keys in Adobe Connect 7 Pro

You will need to create two private keys and certificate signing request files.Visit openssl.org and download the required version of openssl software on your server. Make sure to use connect.yourdomain.com as the common name for the first request and connectmeeting.yourdomain.com as the common name for your second request.

You will have two key files and two CSR files. You will send the CSRs to CA along with your certificate orders or reissue requests. Add a .pem extension to your .key files. (They should be named connect.yourdomain.com.key.pem and connectmeeting.yourdomain.com.key.pem, respectively).

Copy your .pem keys from the previous step to Adobe Connects root install folder. These files will be used for installing your certificates once you receive your signed certificate files back from your CA.

3. SSL Installation in Adobe Connect 7 Pro

You will be able to continue with your certificate installation once your order has been validated and you have received your signed cert files from CA. These will be sent to you in an email, or can be downloaded inside your account by clicking on the order number once the certificates have been issued.

  • Open your .pem keys separately like you would open any text file (you should see an encrypted text string starting with BEGIN and END tags.
  • Open the connect_yourdomain_com.crt and connectmeeting_yourdomain_com.crt files that you received back from DigiCert, also as text files.
  • Copy and paste the entire text (including begin and end tags) of each certificate file into the respective .key.pem files immediately after (on the next line of text) the END tag of the keys.
  • Next open your intermediate.crt file (this will be the same for both certificates) and paste the body of this file at the very bottom of both text files, after the end tags for the server certificates.
  • DNS entries for connect.yourdomain.com and connectmeeting.yourdomain.com should be set up already, make sure you do not have any host entries on the server for testing purposes for these two entries before completing your SSL installation.
  • Open and backup [path_to\comserv\win32\conf_defaultRoot\Adaptor.xml]. Replace the SSL block (a little more than halfway down) with the following block of text, replacing text in brackets with the information applicable to your configuration:
    <SSL>
    <Edge name=”applicationserver”>
    <SSLServerCtx>
    <SSLCertificateFile>[<connect install path>\\connect.mydomain.com.key.pem]</SSLCertificateFile>
    <SSLCertificateKeyFile type=”PEM”>[<connect install path>\\connect.mydomain.com.key.pem]</SSLCertificateKeyFile>
    <SSLPassPhrase>mypassphrase</SSLPassPhrase>
    <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
    <SSLSessionTimeout>5</SSLSessionTimeout>
    </SSLServerCtx>
    </Edge>
    <Edge name=”meetingserver”>
    <SSLServerCtx>
    <SSLCertificateFile>[\\connectmeeting.mydomain.com.key.pem]</SSLCertificateFile>
    <SSLCertificateKeyFile type=”PEM”>[\\connectmeeting.mydomain.com.cert.cer]</SSLCertificateKeyFile>
    <SSLPassPhrase>mypassphrase</SSLPassPhrase>
    <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
    <SSLSessionTimeout>5</SSLSessionTimeout>
    </SSLServerCtx>
    </Edge>
    </SSL>
  • Find the </hostportlist> node in the same adaptor.xml file. There will probably be a line of uncommented text similar to the following:
    <hostport name=”edge1″>$Unknown macro: {DEFAULT_FCS_HOSTPORT}</hostport>
  • Replace that entire block of text with the following text:
    <HostPort name=”applicationserver”ctl_channel=”:19351″>your application server ip:-443</HostPort>
    <HostPort name=”meetingserver”ctl_channel=”:19350″>your meeting server ip:-443</HostPort>
  • Next, [<connect install path>\\custom.ini] and add the following code to the very end of that file:
    ADMIN_PROTOCOL= http://\\\\
    SSL_ONLY=yes
    HTTPS_PORT=8443
    RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/
  • Now open and backup your VHost.xml file at [<connect install path>\\comserv\\win32\\conf_defaultRoot_defaultVHost_\\VHost.xml]
  • Your RouteEntry node should be empty. Find that section and replace it with:
    <RouteEntry protocol=”rtmp”>:;*:$
    Unknown macro: {ORIGIN_PORT}
    </RouteEntry>
    Once you have replaced this section, save and close the VHost.xml file.
  • Restart the Adobe Connect Enterprise Server & Adobe Connect Meeting Server services.
  • Open the Application Management Console by going to http://localhost:8510/console, and under Server Settings, change the Connect Pro Host to your connect.mydomain.com domain, and the Host Mappings External Name to connectmeeting.mydomain.com.
  • Once again, go ahead and restart the Adobe Connect Enterprise Server & Adobe Connect Meeting Server services.

Your Adobe Connect server should now work properly, and force all non-secure traffic over to SSL.

We hope this guide helped you with this easy process. If you are unable to use these instructions, Acmetek recommends that you contact either the vendor of your software or the hosting organization that supports it.

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »