Course Content
-
What is TLS
-
Configuring Mediasite to Run Over HTTPS
-
Enable TLS 1.2
- Prerequisites
- SQL Server Configuration
- Mediasite Application Server(s) Configuration
- Mediasite Recorder Configuration (v7.5)
- Mediasite Recorder Configuration (v7.3.3)
- Mediasite Recorder Configuration (v7.3.2)
- Mediasite Recorder Configuration (v7.1.14)
- Mediasite Recorder Configuration Security Certificates
- Load Balancer
- Adjust Firewall Ports
-
Optional: Disable All Protocols Other Than TLS 1.2
-
Test the Changes
Mediasite Recorder Configuration (v7.1.14)
Support for Mediasite Recorder 7.1.14 ended on July 31st, 2020. It is strongly recommended that you upgrade your Recorder software to 7.5 or newer.
The procedures outlined in this course are not fully supported or tested by Sonic Foundry. Please use at your own risk.
For a Mediasite deployment to be fully compliant with TLS 1.2, the Recorders must be running Mediasite Recorder software 7.5+ and configured to use TLS 1.2.
If you are unable to upgrade your Recorder, the steps below can be used to enable support for TLS 1.2.
Upgrade to Recorder 7.1.14
Ensure that your Recorder is running the latest version of Recorder software. If it doesn’t support Recorder 7.5 or above, please make sure you upgrade to the latest version of 7.1.14
Please note, Recorders must run the XXXXXX image in order to upgrade to 7.1.14 Build XXXXXX.
Recorder restore images are available here.
Enable Windows Explorer Shell
To perform the following administrative tasks, you must temporarily enable the Windows GUI through the internal settings of the Recorder software.
If you are unsure how to do this, please open a Case with Mediasite Support.
Configure WinHTTP to use TLS 1.0, 1.1, and 1.2
Create the following registry values to enable TLS 1.0, TLS 1.1, and TLS 1.2 as default security provider for WinHTTP calls. For additional details on WinHTTP, see this Microsoft support article.
1. Start the registry editor by clicking on Start and Run. Type in “regedit” into the Run field.
You will be editing the registry. This could have detrimental effects on your computer if done incorrectly. It is strongly advised to make a backup of your critical files before proceeding.
2. Browse to the following registry key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsWinHttp
3. Right click on the WinHttp key and select New and then DWORD (32-bit) Value from the drop-down list.
4. Rename the DWORD to DefaultSecureProtocols.
5. Right-click the name DefaultSecureProtocols and select Modify from the drop-down menu.
6. Ensure that the Value data field is set to 00000A80 and the Base is Hexadecimal. Click on OK.
To enable TLS 1.2 only, set the value to 00000800.
7. Browse to the following registry key: HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionInternet SettingsWinHttp
8. Right click on the WinHttp key and select New and then DWORD (32-bit) Value from the drop-down list.
9. Rename the DWORD to DefaultSecureProtocols.
10. Right-click the name DefaultSecureProtocols and select Modify from the drop-down menu.
11. Ensure that the Value data field is set to 00000A80 and the Base is Hexadecimal. Click on OK.
To enable TLS 1.2 only, set the value to 00000800.
Disable Windows Explorer Shell
It’s strongly recommended that you disable the Windows Explorer shell.
Restart the Recorder
Click: Start > Restart to restart the Mediasite Recorder.
Repeat for all recorders
These steps must be taken for all Recorders running Mediasite Recorder software 7.1.14.