What is TLS
Configuring Mediasite to Run Over HTTPS
Enable TLS 1.2
- SQL Server Configuration
- Mediasite Application Server(s) Configuration
- Mediasite Recorder Configuration (v7.5)
- Mediasite Recorder Configuration (v7.3.3)
- Mediasite Recorder Configuration (v7.3.2)
- Mediasite Recorder Configuration (v7.1.14)
- Mediasite Recorder Configuration Security Certificates
- Load Balancer
- Adjust Firewall Ports
Optional: Disable All Protocols Other Than TLS 1.2
Test the Changes
Mediasite Recorder Configuration (v7.1.14)
For a Mediasite deployment to be fully compliant with TLS 1.2, the Recorders must be running Mediasite Recorder software 7.5+ and configured to use TLS 1.2.
If you are unable to upgrade your Recorder, the steps below can be used to enable support for TLS 1.2.
Upgrade to Recorder 7.1.14
Ensure that your Recorder is running the latest version of Recorder software. If it doesn’t support Recorder 7.5 or above, please make sure you upgrade to the latest version of 7.1.14
Please note, Recorders must run the XXXXXX image in order to upgrade to 7.1.14 Build XXXXXX.
Recorder restore images are available here.
Enable Windows Explorer Shell
To perform the following administrative tasks, you must temporarily enable the Windows GUI through the internal settings of the Recorder software.
If you are unsure how to do this, please open a Case with Mediasite Support.
Configure WinHTTP to use TLS 1.0, 1.1, and 1.2
Create the following registry values to enable TLS 1.0, TLS 1.1, and TLS 1.2 as default security provider for WinHTTP calls. For additional details on WinHTTP, see this Microsoft support article.
1. Start the registry editor by clicking on Start and Run. Type in “regedit” into the Run field.
2. Browse to the following registry key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsWinHttp
3. Right click on the WinHttp key and select New and then DWORD (32-bit) Value from the drop-down list.
4. Rename the DWORD to DefaultSecureProtocols.
5. Right-click the name DefaultSecureProtocols and select Modify from the drop-down menu.
6. Ensure that the Value data field is set to 00000A80 and the Base is Hexadecimal. Click on OK.
7. Browse to the following registry key: HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionInternet SettingsWinHttp
8. Right click on the WinHttp key and select New and then DWORD (32-bit) Value from the drop-down list.
9. Rename the DWORD to DefaultSecureProtocols.
10. Right-click the name DefaultSecureProtocols and select Modify from the drop-down menu.
11. Ensure that the Value data field is set to 00000A80 and the Base is Hexadecimal. Click on OK.
Disable Windows Explorer Shell
It’s strongly recommended that you disable the Windows Explorer shell.
Restart the Recorder
Click: Start > Restart to restart the Mediasite Recorder.
Repeat for all recorders
These steps must be taken for all Recorders running Mediasite Recorder software 7.1.14.