Import server certificate... (KDM Creator)

Anything and everything to do with DCP-o-matic.
carl
Site Admin
Posts: 2338
Joined: Thu Nov 14, 2013 2:53 pm

Re: Import server certificate... (KDM Creator)

Post by carl »

OK, I added a note about that in the tracker. Don't be shy about adding things there yourself if you have feature requests/ideas :)
Carsten
Posts: 2648
Joined: Tue Apr 15, 2014 9:11 pm
Location: Germany

Re: Import server certificate... (KDM Creator)

Post by Carsten »

kcsim99 wrote: Sun Dec 01, 2019 2:11 pm The database thing is good, but sometimes, we just need to issue KDMs for a group of cinemas once, and it’s a pain having to set them up into a database before the KDMs can be issued.

How do you distribute the KDMs then? Send a huge ZIP containing all the KDMs to all cinemas/servers?
The idea of the database is also that you can direct specific KDMs to specific transport/receivers.

Admittedly, if this was a feature of KDM creator, it would not clog up the general GUI.

A way to support this would be to offer not only a list of cinemas/screens on the left side, but to have an additional folder option there containing all the certs. The resulting KDMs could then all be written to a single folder/ZIP, and email/time zone options would be ignored. It would probably fail for some dual projector setups, but...

Still, it is always best to have a proper cert database. Maybe there is a way for faster cert import/database generation. Like a batch import - add 'screens'.

- Carsten
kcsim99
Posts: 5
Joined: Sun Dec 01, 2019 12:56 pm

Re: Import server certificate... (KDM Creator)

Post by kcsim99 »

Carsten wrote: Sun Dec 01, 2019 5:23 pm
How do you distribute the KDMs then? Send a huge ZIP containing all the KDMs to all cinemas/servers?
The idea of the database is also that you can direct specific KDMs to specific transport/receivers.
Hi there!

Yes, the cinema chain would email me a zip file with all the PEM files of the screens in separate directories. So what I would do is to have the KDMs issued separately into the original directories and email it back to them. Well, it’s not that big a zip file, perhaps a few MB.

I agree the database is an excellent feature to keep everything neat and tidy if you regularly issue KDMs to them.
Carsten wrote: Sun Dec 01, 2019 5:23 pm
A way to support this would be to offer not only a list of cinemas/screens on the left side, but to have an additional folder option there containing all the certs. The resulting KDMs could then all be written to a single folder/ZIP, and email/time zone options would be ignored. It would probably fail for some dual projector setups, but...
Yes that would be excellent. And perhaps an option to have the KDMs in the respective folders of the PEM files.

Why would the KDMs fail for the dual projector setups if KDMs are issued for both of the projectors? I’m sorry but I’ve never had much experience with dual projectors.
Carsten
Posts: 2648
Joined: Tue Apr 15, 2014 9:11 pm
Location: Germany

Re: Import server certificate... (KDM Creator)

Post by Carsten »

Using the folder method, you would only create on a 'one KDM per certificate' basis. Some setups are more complicated than that. The database would allow to cater for these specific issues.



- Carsten
MrsDCP
Posts: 3
Joined: Mon Jan 06, 2020 3:12 pm

Re: Import server certificate... (KDM Creator)

Post by MrsDCP »

Carsten wrote: Wed Aug 14, 2019 1:51 pm Additional certs can be added under 'other trusted devices'. Some dual systems (like slaved secondary servers) may need their own individual secondary KDM.
Dear Carsten,

I'm wondering if there's not a bug with those dual KDMs... I had the 2.14.8 version for a moment now and it seems it is the same problem with the 2.14.19 version.
From what I can see, it's always generating that 2jmj7l5rSw0yVb/vlWAYkK/YBwk= no matter what the "trusted device" is.
Please see those 2 pictures joined.

What do you think?

TNX ;-)
2jmj7_2.png
2jmj7_2.png (99.94 KiB) Viewed 5847 times
2jmj7_1.png
2jmj7_1.png (84.48 KiB) Viewed 5847 times
carl
Site Admin
Posts: 2338
Joined: Thu Nov 14, 2013 2:53 pm

Re: Import server certificate... (KDM Creator)

Post by carl »

The 2jm7l5r... thumbprint is a magic "assume trust" thumbprint. As it stands in DoM if you want to see the thumbprints for your specific devices you will need to select the "Multiple Modified Transitional 1" KDM type.
MrsDCP
Posts: 3
Joined: Mon Jan 06, 2020 3:12 pm

Re: Import server certificate... (KDM Creator)

Post by MrsDCP »

Yes, indeed!

<AuthorizedDeviceInfo>
<DeviceListIdentifier>urn:uuid:4b279ef2-9437-4427-bcf6-4ef1d38aef47</DeviceListIdentifier>
<DeviceListDescription>IMS-313498.DC.DOLPHIN.DC2.SMPTE</DeviceListDescription>
<DeviceList>
<CertificateThumbprint>0H53BLuaJ6Xdyn04UjRFqs8ys2o=</CertificateThumbprint>
</DeviceList>
</AuthorizedDeviceInfo>


I was thinking of this "problem" because the KDMs with 2jmj... are not working. It should come from something/somewhere else... :mrgreen:

Thank you for being so efficient. ;-)
carl
Site Admin
Posts: 2338
Joined: Thu Nov 14, 2013 2:53 pm

Re: Import server certificate... (KDM Creator)

Post by carl »

This stuff hasn't been very widely tested so I'd be interested to hear how you get on...
MrsDCP
Posts: 3
Joined: Mon Jan 06, 2020 3:12 pm

Re: Import server certificate... (KDM Creator)

Post by MrsDCP »

Might be a silly question but:
is it supposed to work with this magic 2jmj?

Or is it because "Multiple KDM type" was not used that it doesn't work?

;-)
Post Reply