TLS Encryption

The Media Gateway/SRT Gateway web interface is encrypted to provide secure interactions with your devices. When you access the web interface, you are automatically redirected to use HTTPS on port 443. As a result, your web browser requests the security certificate to confirm that the site is trusted. Media Gateway/SRT Gateway ships with a self-signed TLS certificate key set which works with any configured server hostname. However, web browsers do not consider self-signed certificates to be trusted, because they are not signed by a Certificate Authority. Consequently, when accessing the website with a self-signed certificate, users see a security warning and are prompted for authorization.

Note

Recent OS updates (particularly macOS 10.15 and iOS 13, see https://support.apple.com/en-us/HT210176) block access to websites with TLS certificates that have a validity window of more than 825 days. Previous versions of Haivision Media Gateway ship with a self-signed certificate with a 10-year expiration, while Haivision Media Gateway/SRT Gateway version 3.2+ ships with a self-signed certificate with a 2-year expiration. Therefore, new installs are not affected by this issue. However, if you have upgraded from a previous version to version 3.2 or later, you must generate a new certificate to allow access. From a computer that can access the server, use an administrator account to regenerate a new self-signed certificate. See Generating a New Self-Signed Certificate for details on how to do this.

Supplying the Media Gateway/SRT Gateway with an TLS security certificate eliminates the security warning, provides a means for users to verify a website, and ensures that the connection is secure. See Certificates for more details.