BlueJeans Events - Accelerator deployment

  • 3
  • Idea
  • Updated 1 year ago
Let's use this forum to share some tips and caveats related to accelerator deployment
Photo of Ruheed Mohamed

Ruheed Mohamed, Official Rep

  • 280 Points 250 badge 2x thumb

Posted 1 year ago

  • 3
Photo of Ruheed Mohamed

Ruheed Mohamed, Official Rep

  • 280 Points 250 badge 2x thumb
If you're a BlueJeans Events (Primetime) platform user and have been using the on premise accelerator solution to conserve your bandwidth utilization you might already be aware that accelerator today support HTML5 streams but it comes with it own caveats and limitations. I'd like to post a few known current caveats and limitations:
- HTML5 streams are dependent on https traffic between the on premise node and the browser client, hence requires an SSL communication over LAN between the node and browser(client).
- To do so, a certificate is required to be uploaded onto the accelerator node. Below are few Q&A related to certificate deployment:

Q.But wait, the accelerator interface is a linux based interface, so how do you upload it?
A. The certificate and the private key can be exported in pem format and opened via notepad or texteditor and the contents can be copied over to the node.

Q. My PKI solution is Windows server based and can export only .pfx format, how can I get .pem format?
A. You can use OpenSSL and extract the key and certificate in .pem format from . pfx file (you can google to get detailed instructions on this).

Q. Can I sign it using an intermediate CA and use it or does it have be directly signed by the Root CA?
A. Yes, you can certainly sign it using your intermediate CA, but remember to upload both Intermediate and root CA to the node.

Q. Why does my Chrome throw a certificate error while it works fine on IE11?
A. Chrome 58 and above requires a subject alternative name and you can use the private IP of the node as SAN while generating a CSR.

Q. I created a CSR with private IP as the SAN and signed it with my CA. My Chrome browser accepts it but IE11 on Windows 7 is throwing an error, why?
A. Ensure that SAN consists both DNS and IP as private IP of the node. This will fulfill the security requirements of both Chrome and IE browsers.

Q. Firefox does seem to recognize my certificate?
A. Firefox browser maintains it's own separate certificate store, so it's important the the Root CA is available within the Firefox store as well.

Q. MS Edge browser doesn't seem to be able to download the stream from the accelerator node?
A. Microsoft Edge blocks cross-domain requests sent to IPs in same private network CIDR, so ensure that * is whitelisted as a trusted domain within your Edge browser settings.

Q. I have accelerator deployed with SSL certs, yet my IE11 on Windows 7 required flash?
A.  You can refer the following article to know more on this: