Cloud Front URL is missing Signature
Hi,
I recently got the pro version and am setting it up right now. I have videos in an S3 bucket as well as a CloudFront distribution.
I did set up both sections in the settings: S3 and CloudFront, with all the keys.
The S3 urls work – can play with no problem.
But CloudFront URLs are missing signatures. They look like this:
https://d2gq1xa7f9b21p.cloudfront.net/styling/v1/1/01_Style+personality.mp4?Key-Pair-Id=XXXXXXXXXXXX&Signature=&Expires=1748729381
I tried to read this but couldn’t catch the relationships to the splash screen.
I read and followed both S3 and cloudFront setup documentation and believe it’s all good on AWS side.
CloudFront link works if I unrestrict the viewer.
Any ideas how I can debug the missing signature parameter?

Hello Aleksandr,
The link which you sent shows an empty Signature argument.
Please check wp-admin -> FV Player -> Settings -> Hosting -> CloudFront -> Private Key. There should be the following message appearing underneath:
Your Private Key file is present and appears to be valid.
If it is, then please reinstall FV Player (just the base plugin, FV Player Pro needs to stay) from this link: https://foliovision.com/downloads/fv-player-8.zip
Then send over wp-admin -> FV Player -> Settings -> Tools -> System Info.
I added a “OpenSSL CloudFront test” row to it.
Thanks,
Martin

Hi,
Thank you for the quick reply. Here is the screenshot of my settings:
And here are the parts of the system info:
OpenSSL digest methods: blake2b512, blake2s256, md4, md5, md5-sha1, ripemd160, sha1, sha224, sha256, sha3-224, sha3-256, sha3-384, sha3-512, sha384, sha512, sha512-224, sha512-256, shake128, shake256, sm3, whirlpool
OpenSSL CloudFront test: SHA1 signing failed ()
[cf_domain] => d2gq1xa7f9b21p.cloudfront.net
[cf_key_id] => (redacted)
[cf_pk] => (redacted)

Hello Aleksandr,
Please reinstall FV Player once again from this link: https://foliovision.com/downloads/fv-player-8.zip
I added more debug details into wp-admin -> FV Player -> Settings -> Tools -> System Info.
It’s possible that your web host has stopped supporting SHA1 in OpenSSL. Unfortunately CloudFront only supports SHA1 for the URL signatures:
You must use RSA-SHA1 for signing URLs or cookies. CloudFront doesn’t accept other algorithms.
Thanks,
Martin

Please also deactivate and delete the FV Player Pro plugin you are using, then hit “Install Pro extension” at the top of the wp-admin -> FV Player -> Settings screen.
That will give you the improved FV Player Pro plugin which will show the private key status right in the CloudFront settings box.
Thanks,
Martin

Great, this is definitely more information (see the screenshot).
Do you think it’s the problem with my service provider or my key? Like I need to use a different key length.

Hello Aleksandr,
Could you please share the private key with us along with one of the video links? That way we can test the signing in our environment and figure out the exact cause of the issue.
Sharing the key would not give us any special permissions as it’s for the CloudFlare signing and S3 access only.
You could also try switching to a different PHP version, like 8.3 if you are on 8.2.
Thanks,
Martin

Hello Aleksandr,
I was able to configure FV Player Pro with your private key and it works. The SHA1 signing works and the video plays.
I was not able to find much about the error you are running into:
error: 03000082:digital envelope routines:: invalid key length
It almost seems as if it tries to use some other hash function than SHA1.
I guess you already tried to put the private key in again and save to see if that fixes the issue.
So please reinstall FV Player Pro again, I set it to force the SHA1 algorithm.
If that won’t help, could you please try to replace the private key with some random word? You should be getting:
error:0909006C:PEM routines:get_name:no start line
It should start with “-----BEGIN RSA PRIVATE KEY-----” and end with “-----END RSA PRIVATE KEY-----”.
What if you then put in a bogus key like this?
-----BEGIN RSA PRIVATE KEY----- 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 -----END RSA PRIVATE KEY-----
It should give:
error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
Thanks,
Martin

I wasn’t sure where to re-install from, so I tried the negative scenario on the version I’m on: see screenshots 1 and 2. It looks like I get ‘invalid key length’ all the time.
I put my original key and got the error from the previous post.
Where should I re-install from? From the same link as earlier? Right now I have FV Player 8 and FV Player Pro. Could you please clarify what I should reinstall and how, because I’m a bit confused and want to do the right thing to force SHA1.

Hi,
I’ve got the answer from my hosting support. In short, they don’t support SHA1 at all. My understanding is that Cloud Front signing URLs don’t support anything else. Let me think if I just want to go with S3 streaming or look for an alternative.

... SHA-1 signing is not available on our servers, as this algorithm is obsolete since 2017 when the CA/Browser Forum, which governs the issuance and use of SSL/TLS certificates, officially deprecated SHA-1 certificates, and major web browsers like Google Chrome, Mozilla Firefox, and Microsoft Edge stopped trusting them. Additionally, the National Institute of Standards and Technology (NIST) recommended transitioning away from SHA-1 in favor of more secure hash functions. I would recommend exploring options to host your videos with a service, that supports SHA-2 and SHA-3 instead of the deprecated SHA-1. ...

Hello Aleksandr,
I switched to using phpseclib instead of OpenSSL. This should fix the issue for you.
Please deactivate and delete the FV Player Pro plugin you are using, then hit “Install Pro extension” at the top of the wp-admin -> FV Player -> Settings screen.
Then switch to the Beta release using the steps from here if you are not already using it: https://foliovision.com/player/basic-setup/switching-fv-player-pro-to-beta
That will give you the FV Player Pro plugin with the new phpseclib library which does not use OpenSSL for SHA1.
The SHA1 algorithm here is used only for the CloudFlare URL signature, it does not lower your website security in any way. It’s not related to your website SSL certificate in any way. Still it’s too bad that AWS won’t update their CloudFront to use a modern algorithm.
Thanks,
Martin
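
The failure in this thread (a URL sent out with an empty Signature because RSA-SHA1 signing was refused by the host's OpenSSL) can be reproduced and caught with a short script. This is an added example, not part of the thread and not FV Player's code; the domain, key pair ID and function names are placeholders, and the key is a throwaway generated in memory.

```php
<?php
// Added example: build a CloudFront canned-policy signed URL and refuse to
// return one when RSA-SHA1 signing fails, instead of emitting "Signature=".

function drain_openssl_errors(): string {
    // Collect everything OpenSSL queued, e.g. "invalid key length" or "no start line".
    $errors = [];
    while (($e = openssl_error_string()) !== false) { $errors[] = $e; }
    return $errors ? implode(' | ', $errors) : '(no OpenSSL error queued)';
}

function cf_b64(string $raw): string {
    // CloudFront's URL-safe base64 variant: + becomes -, = becomes _, / becomes ~
    return strtr(base64_encode($raw), '+=/', '-_~');
}

function cf_signed_url(string $url, string $pem, string $keyPairId, int $expires): string {
    $key = openssl_pkey_get_private($pem);
    if ($key === false) {
        throw new RuntimeException('Private key not readable: ' . drain_openssl_errors());
    }
    // Canned policy: no whitespace, Resource must equal the URL being signed.
    $policy = '{"Statement":[{"Resource":"' . $url
            . '","Condition":{"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';
    $signature = '';
    if (!openssl_sign($policy, $signature, $key, OPENSSL_ALGO_SHA1) || $signature === '') {
        throw new RuntimeException('RSA-SHA1 signing failed: ' . drain_openssl_errors());
    }
    $sep = strpos($url, '?') === false ? '?' : '&';
    return $url . $sep . 'Expires=' . $expires
         . '&Signature=' . cf_b64($signature)
         . '&Key-Pair-Id=' . rawurlencode($keyPairId);
}

// Constructed input: throwaway 2048-bit key, placeholder domain and key pair ID.
$res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($res === false || !openssl_pkey_export($res, $pem)) {
    exit('Could not generate a test key: ' . drain_openssl_errors() . "\n");
}
try {
    echo cf_signed_url('https://dexample.cloudfront.net/video.mp4', $pem, 'KEXAMPLEID', time() + 3600), "\n";
} catch (RuntimeException $ex) {
    // On a host whose OpenSSL policy disables SHA-1 signing, this branch runs.
    echo 'Not emitting a URL: ', $ex->getMessage(), "\n";
}
```

Run with the PHP CLI on the web host: a printed URL means RSA-SHA1 signing works there, while the "Not emitting a URL" line shows the OpenSSL error that was otherwise hidden behind the empty parameter.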