Roku Developer Program

Xerces77
Visitor

CA Certificate Private RSA Key

Greetings (and thanks in advance to anyone who can help)

I'm trying to add the CA certificate included in the SDK to my website; my hosting provider asks for a private RSA key along with the certificate. How do I generate it? I'm using a Windows-based PC.
0 Kudos
4 REPLIES 4
RokuKevin
Visitor

Re: CA Certificate Private RSA Key

The CA cert included in the SDK is for Client Certificates. You do not need the key to use it for a server side web server Cert.

If you are just getting started, you're probably trying to set up a server cert for your web server. The following post has some more detail about generating this cert and how to use both client and server side certs with Roku:

http://forums.roku.com/viewtopic.php?f=34&t=27562&start=0



--Kevin
0 Kudos
Xerces77
Visitor

Re: CA Certificate Private RSA Key

Wait, here are the instructions in the SDK:

1) Add the Roku CA certificate to the web server’s certificate authorities keychain. The Roku CA certificate is available in the SDK distribution package, in certs/cacert.pem
2) Configure your web server to reject any connection that does not have a valid client certificate.
3) Check the X-Roku-Reserved-Dev-Id header in the request. It should contain the Developer ID of your application. If it does not, another application on the Roku is attempting to access the server, so the request should be rejected.

The clients (anonymous users on the net) won't have any certificates on their machine. I'm not understanding - if the web server that I'm using has no server-side key, how do I verify valid client certificates?
0 Kudos
RokuKevin
Visitor

Re: CA Certificate Private RSA Key

Those are the instructions about configuring client side certs. Our recommended secure solution is to use mutual authentication (both client and server certs) to protect the feed. If the feed is well protected, randomized stream URLs and server side certs are usually sufficient to protect the content.

If the above doesn't make much sense to you, you are probably just trying to configure SSL on your web server. When your hosting company asks you for the private key it's because they need the key to go with the server side cert you give them. (This is not the cert included in the SDK-- it's one you would typically obtain from Verisign or some other well known certificate authority).

--Kevin
0 Kudos
Xerces77
Visitor

Re: CA Certificate Private RSA Key

1) If the instructions are for client-side certification, then why are there instructions to "Add the Roku CA certificate to the web server’s certificate authorities keychain"?

2) Pardon me as I'm new to SSL; if it's only client side, then why's the server involved at all? How can a user be authenticated without something being on the server?
0 Kudos
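
Added example, not part of the thread and not Roku's or the SDK's code: the three SDK steps quoted above, written with Python's standard library to show which file needs a private key. The function names, `server.pem`, `server.key`, the port and the developer ID value are assumptions for illustration; only `certs/cacert.pem` and the header name come from the thread.

```python
import hmac
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

DEV_ID_HEADER = "X-Roku-Reserved-Dev-Id"       # header name from the SDK steps
EXPECTED_DEV_ID = "constructed-dev-id-000000"  # placeholder, not a real Developer ID

def new_mtls_context():
    """Step 2: a server context that rejects clients without a valid cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def load_material(ctx, server_cert, server_key, roku_ca):
    # The server's own certificate (issued by a public CA) and ITS private key.
    # This is the only private key the server ever holds.
    ctx.load_cert_chain(certfile=server_cert, keyfile=server_key)
    # Step 1: the Roku CA certificate is a trust anchor. Verifying a client
    # certificate's signature uses only the CA's public key, so no CA private
    # key exists on the server or is needed.
    ctx.load_verify_locations(cafile=roku_ca)
    return ctx

def dev_id_allowed(headers, expected=EXPECTED_DEV_ID):
    """Step 3: accept only requests carrying exactly one matching Dev-Id header."""
    wanted = DEV_ID_HEADER.lower()
    values = [v for k, v in headers.items() if k.lower() == wanted]
    if len(values) != 1:  # missing or duplicated header: reject
        return False
    return hmac.compare_digest(values[0].strip().encode(), expected.encode())

class FeedHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # The TLS handshake has already verified the client certificate here.
        ok = dev_id_allowed(self.headers)
        self.send_response(200 if ok else 403)
        self.end_headers()
        if ok:
            self.wfile.write(b"feed\n")

def serve(server_cert, server_key, roku_ca, port=8443):
    ctx = load_material(new_mtls_context(), server_cert, server_key, roku_ca)
    httpd = HTTPServer(("0.0.0.0", port), FeedHandler)
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()

if __name__ == "__main__":
    serve("server.pem", "server.key", "certs/cacert.pem")
```
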