Description
Some browsers (Firefox) require that, when multiple KMS servers are used, each KMS uses the same certificate.
See: https://doc-kurento.readthedocs.io/en/latest/features/security.html#media-plane-security-dtls
This requires configuring the certificate on Kurento, but it also requires setting the certificate type during creation of the WebRtcEndpoint:
;; Certificate used for DTLS authentication.
;;
;; If you want KMS to use a specific certificate for DTLS, then provide it here.
;; You can provide both RSA or ECDSA files; the choice between them is done when
;; calling the WebRtcEndpoint constructor.
;;
;; If this setting isn't specified, a different set of self-signed certificates
;; is generated automatically for each WebRtcEndpoint instance.
;;
;; This setting can be helpful, for example, for situations where you have to
;; manage multiple media servers and want to make sure that all of them use the
;; same certificate. Some browsers, such as Firefox, require this in order to
;; allow multiple WebRTC connections from the same tab to different KMS.
;;
;; Absolute path to the concatenated certificate (chain) file(s) + private key,
;; in PEM format.
;;
;pemCertificateRSA=/path/to/cert+key.pem
;pemCertificateECDSA=/path/to/cert+key.pem

=> "the choice between them is done when calling the WebRtcEndpoint constructor."
I tried this out: it is required to set the certificate when calling the constructor; just configuring it in KMS will not fix it.
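An added example (not from this issue or the Kurento project): one way to confirm which certificate each KMS actually presents is to compare the `a=fingerprint` line of its SDP answer with the fingerprint of the configured PEM file. It assumes sha-256 fingerprints and that the leaf certificate is the first CERTIFICATE block in the file; the server names, function names and sample data are constructed.

```python
import base64
import hashlib
import re

FP_RE = re.compile(r"^a=fingerprint:(\S+) ([0-9A-Fa-f:]+)[ \t\r]*$", re.M)
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def sdp_fingerprints(sdp):
    """All (hash function, fingerprint) pairs in an SDP, session or media level."""
    return {(m.group(1).lower(), m.group(2).upper()) for m in FP_RE.finditer(sdp)}

def pem_cert_fingerprint(pem, algo="sha-256"):
    """DTLS-style fingerprint of the first CERTIFICATE block in a cert+key PEM file."""
    m = CERT_RE.search(pem)
    if m is None:
        raise ValueError("no CERTIFICATE block in PEM data")
    der = base64.b64decode("".join(m.group(1).split()))
    digest = hashlib.new(algo.replace("-", ""), der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def servers_not_using_cert(answers, pem):
    """Names of servers whose SDP answer lacks the configured certificate's fingerprint."""
    expected = ("sha-256", pem_cert_fingerprint(pem))
    return sorted(n for n, sdp in answers.items() if expected not in sdp_fingerprints(sdp))

def _pem(raw):
    # Constructed stand-in: arbitrary bytes wrapped as PEM, not a real certificate.
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def _answer(fp):
    # Constructed minimal SDP answer carrying one fingerprint attribute.
    return "\r\n".join(["v=0", "o=- 0 0 IN IP4 0.0.0.0", "s=constructed", "t=0 0",
                        "m=audio 9 UDP/TLS/RTP/SAVPF 111", "a=setup:active",
                        f"a=fingerprint:sha-256 {fp}", ""])

SAMPLE_PEM = _pem(b"constructed bytes standing in for the shared certificate")
_OTHER_FP = pem_cert_fingerprint(_pem(b"constructed bytes for an auto-generated certificate"))
SAMPLE_ANSWERS = {  # constructed: kms-3 simulates an endpoint using a generated certificate
    "kms-1": _answer(pem_cert_fingerprint(SAMPLE_PEM)),
    "kms-2": _answer(pem_cert_fingerprint(SAMPLE_PEM).lower()),
    "kms-3": _answer(_OTHER_FP),
}

if __name__ == "__main__":
    print("not using configured certificate:",
          servers_not_using_cert(SAMPLE_ANSWERS, SAMPLE_PEM))
```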