Enabling secure communication between Media Broker and Web Gateway.

(This is a visual aid to the steps described in the documentation "Administering FCSDK" shipped with our products; please use that documentation in conjunction with this tutorial.)

Navigate to your Media Broker (MB) directory, e.g.

/opt/cafex/FCSDK-X.X.X/media_broker/ 

then run this command:

keytool -genkeypair -alias control -keyalg RSA -keystore <keystore_name> -keysize 2048 -ext san=ip:<mediabroker-ipaddress>,dns:<mediabroker-fqdn> -dname "CN=<common_name>"

Where:

• keystore_name—The name of the key store file to use—we recommend using the existing one, keystore.jks, instead of generating a new one.

• common_name—The common name to use in the certificate (for example, selfsigned).

• mediabroker-ipaddress and mediabroker-fqdn—These are the IP address and FQDN of the server that the Media Broker is running on. If an FQDN has not been configured, use only the IP address.

Your entry should look something like this:



Enter your keystore password and the key password for <control>. The default is the same as the keystore password.

-----------

Then run the following command:

keytool -export -alias control -file mediabroker.pem -keystore keystore.jks -rfc

e.g.



This will generate the .pem file you need.

-----------

Next do the following:

Update the following settings in /opt/cafex/FCSDK-X.X.X/media_broker/controller.properties:

- To turn off HTTP, set the HTTP port to 0.

- Set the HTTPS port. For example, 8093.

- Set the keystore location (keystore_name) and password to the values used above. A relative path is acceptable here.

 

To do the above: 

> vi controller.properties
Find the "Rest" properties (default at the bottom). 
Edit them to resemble the following:

Fill out the blue highlighted lines to match what is shown above. 

> :wq 

(this will save your edit in the file). 


-----------


> cat mediabroker.pem
[select the certificate from ---- to other end of -----]
e.g.


** Make sure no white space is selected. If you are not sure whether white space has been copied, paste the selection into a text editor to check.
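
One way to take the guesswork out of the copy step above, as an added example that is not part of the CaFeX documentation: the hypothetical shell function clean_pem prints the single certificate block from the exported file with carriage returns and stray white space removed, and fails if the file does not hold exactly one complete certificate.

```shell
#!/bin/sh
# Added example, not CaFeX code. clean_pem is a hypothetical helper name.
# Usage: sh clean_pem.sh mediabroker.pem
# Prints the one certificate in the file with carriage returns and stray
# whitespace removed; exits non-zero if the selection is incomplete.
clean_pem() {
    awk '
        # Strip CRs and leading/trailing blanks from every line.
        { gsub(/^[ \t\r]+|[ \t\r]+$/, "") }
        $0 == "-----BEGIN CERTIFICATE-----" {
            if (seen) { bad = 1; exit }        # more than one certificate
            seen = 1; inblk = 1; out = $0 "\n"; next
        }
        $0 == "-----END CERTIFICATE-----" {
            if (!inblk || !body) { bad = 1; exit }   # no BEGIN, or empty body
            inblk = 0; out = out $0 "\n"; next
        }
        inblk {
            if ($0 == "") next                 # blank line pasted into the block
            if ($0 !~ "^[A-Za-z0-9+/=]+$") { bad = 1; exit }   # not base64
            body = 1; out = out $0 "\n"
        }
        # Lines outside the block (shell prompt, banners) are ignored.
        END {
            if (bad || !seen || inblk) exit 1
            printf "%s", out
        }
    ' "$1"
}

if [ "$#" -gt 0 ]; then
    clean_pem "$1"
fi
```

Copy the printed output into the import dialog in the next step; a non-zero exit status means the file should be exported again rather than pasted.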

-----------

Navigate to your FAS:

https://<server_address>:9990

>Profiles
>Profile: Management
>Trust Management
>Trust Certificates
     *Make sure "default-trust" is selected on "Trust Certificate Group" *
>Import [button]
IMPORTANT: Change the name! You should have something similar to the following:

Note: If you have an HA (multibox) cluster, ensure the name is unique per certificate, e.g. Mb-1, Mb-2.



Import this. This should now show in the list of trust certificates. 


-----------

SSH back onto the server/s. Perform the following commands:

service fusion_media_broker restart

(wait for service to come back up)

-----------

Next, in a browser, navigate to the Web Plugin Framework and log in.

https://<server_address>:8443/web_plugin_framework/webcontroller/

>gateway
>Media Brokers (should have a red x at this point)
>edit [pencil button]
Change "Control Port" to: 8093
Change Control Type to "Secure".
>Save [bottom of page] 

*wait a minute or two for the WPF page to refresh*

If all has worked, the media broker should now have a green tick towards the end of the cells (where there was previously a red x).

 

 

 

Comments are disabled on these articles. If you require help, contact support@cafex.com.
