How HTTPS and WebRTC are connected

Dimitry Zuykov
July 8, 2020
Dimitry Zuykov

To enable users actively participate in TrueConf Server conferences via WebRTC application, you need to set up HTTPS connection on the server and open UDP ports beforehand. Otherwise, users will only be able to attend your conference passively.

If the connection is not safe (HTTP), your guests will see a warning upon opening TrueConf Server or conference webpage from their browser.

How HTTPS and WebRTC are connected 1

HTTPS connection is essential for syncing TrueConf Server when connecting to TrueConf Directory.

How to set up HTTPS connection

You will need SSL certificate file in X.509 (.сrt) format and a corresponding private key (.key).

There are two types of certificates: commercial and self-signed.

Self-signed certificate is free. You can generate this certificate for TrueConf Server by yourself from the control panel. The certificate is valid for 365 days (and prolonged further without limits). It can be used for WebRTC application testing. However, each conference participant should manually add it to the trust list in their browser.

Trusted certificate is fully functional and secured. However, this certificate is paid. Here’s where you can get it:

How to use trusted certificate in TrueConf Server

Before you buy SSL certificate make sure your TrueConf Server is accessible by its domain name (e.g. server.mycompany.com) from the internet. Domain name and server name given during TrueConf Server registration must be the same.

Open TrueConf Server control panel and choose Use custom certificate in Web→ HTTPS section (HTTPS configuration).

certcustom

Enter the HTTPS port that can be accessed from the internet in the field that appears. By default standard TCP Port 443 is used.

httpsport

After that upload certificate and its key files to the corresponding fields of Custom certificate block.

certcustom2

During the download process certificate format, key format and certificate/key correspondence are checked. If at least one check fails then added certificate and key files will not be saved.

After the files have been uploaded, added certificate notification will appear.

How HTTPS and WebRTC are connected 2

How to create self-signed certificate

Open TrueConf Server control panel, proceed to Web → HTTPS section and press Create new SSL certificate button.

How HTTPS and WebRTC are connected 3

When this certificate expires, you can generate a new one.

How to convert SSL certificate to .crt format to set up HTTPS connection

TrueConf Server requires an SSL certificate for HTTPS connection. If the file extension is not .crt, you need to convert the certificate to this format. For this purpose, you can use open-source OpenSSL libraries pre-installed on Linux-based platforms. However, if you want to use the libraries on Windows, you can download them by following the link.

Depending on the certificate file extension, you may convert it in two steps:

  • conversion into the .pem format
  • conversion into the .crt format

Converting the certificate file into a PEM file

  • from .der extension

openssl x509 -inform der -in certificate.cer -out certificate.pem

  • from .p7b extension

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

  • from .pfx extension

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

To convert a .pfx file, you need to enter the password you have specified when exporting a .pfx certificate.

Converting to .crt

openssl x509 -outform der -in certificate.pem -out certificate.crt

Sometimes, browsers may show a warning that your HTTPS certificate is untrusted. To remove the warning, you need to add an intermediate certificate when configuring an HTTP server. It is needed for testing HTTPS connection established with the help of an SSL certificate.

Complete the following actions to add an intermediate certificate:

  1. Open root, intermediate and end-entity server certificates in Notepad.
  2. Copy the content of the intermediate certificate and paste it at the end of the end-entity server certificate.
  3. Repeat step 2 for the root certificate.
  4. Save changes in the root certificate.
If root and intermediate certificates were not in the package, you can download them from the official website of a certification authority.

Check TrueConf Server configuration once the certificate has been installed

Incorrect port data or certificate parameters may result in TrueConf Server launch issues next time, and your administrator might lose access to the server control panel.  

You can initiate HTTPS server configuration without restarting it by pressing Test Configuration button (Web→ HTTPS→HTTPS Configuration in TrueConf Server control panel).

httptest

If your certificate is installed correctly (HTTPS port must also be accessible) you will see The configuration has been successfully tested string. 

Press Apply after you’ve tested the configuration. Server service will be restarted.

selfsigned

If you have problems with configuration testing, please contact our technical support.

If you don’t need to use HTTPS connection you can also disable it in the corresponding control panel section.

Are you managing TrueConf Server? We have a special offer for you!

Thank you for choosing TrueConf! We are launching a limited-time offer to collect your valuable feedback about our products. Write a review about your TrueConf experience and we will give you $10 gift cards as a thank you for your comments and ideas. Learn more.

Still have questions? Please contact our support team directly via online chat.

Sign up for newsletter