[Icecast] ssl-cert's

Walter York walteryork at hotmail.com
Mon Jul 11 19:06:14 UTC 2016


Seems like I had SSL setup properly in the first place...  Apparently Centovacast is not playing fair with my mount port, after setting up an alternate port and setting ssl and path to the cert in the config file, everything is good.  I'll place these steps below for others to use...
I used the following command to create a self-signed cert for testing...
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout sample.pem -out sample.pem
(this created a correctly formatted self-signed certificate that works)  I placed the pem file into my ssl folder, made sure the user that runs icecast has perms to the pem file.  I added the <ssl>1</ssl> to my config file and then added the path as well following the instructions from here: http://www.icecast.org/docs/icecast-2.4.1/config-file.html
I also used the instructions from here to create my pem file:  https://www.digicert.com/ssl-support/pem-ssl-creation.htmSpecifically under the heading: Creating a .pem with the Private Key and Entire Trust Chain
If you are using a Windows based system and not linux cat, you must use Wordpad and NOT Notepad.  The certificate begin and certificate ends from consecutive certificates are on separate lines... not sure if that matters though.
Now, since changing the ports from 8000 to 8050 having a secure page, the new page doesn't show any active streams... another thing to troubleshoot but I'm further along!

> To: icecast at xiph.org
> From: jerickson at logicalnetworking.net
> Date: Mon, 11 Jul 2016 09:10:04 -0700
> Subject: Re: [Icecast] ssl-cert's
> 
> # cat fullchain.pem privkey.pem >combined.pem
> 
> I wouldn't think it matters much where you put the cert as long as the
> running Icecast user has permissions to read it. I'd create (if not
> already created) /etc/icecast personally.
> 
> <ssl-certificate>:
> 
> If specified, this points to the location of a file that contains both
> the X.509 private and public key. This is required for HTTPS support to
> be enabled. Please note that the user Icecast is running as must be able
> to read the file. Failing to ensure this will cause a "Invalid cert
> file" WARN message, just as if the file wasn't there.
> 
> 
> Cheers,
> Jordan
> 
> 
> On 07/10/2016 02:11 PM, Walter York wrote:
> > 1.  I already have the cert and key files.  How do I combine these
> > existing keys into a single PEM file?
> > 2.  What directory do you suggest I place they PEM file?
> > 
> >> To: icecast at xiph.org
> >> From: bluntroller at yandex.com
> >> Date: Sat, 9 Jul 2016 13:19:03 +0200
> >> Subject: [Icecast] ssl-cert's
> >>
> >> @ the guy with the ssl certs problem:
> >>
> >> recheck file- and folder-permissions.
> >> check if the ssl.-cert is generated correct.
> >> re-check the icecast config-file and it's file- and folder-permissions.
> >> are the involved files in the correct location so icecast can find them?
> >> what about the pid-entry?
> >>
> >> greets
> >> gee
> >> _______________________________________________
> >> Icecast mailing list
> >> Icecast at xiph.org
> >> http://lists.xiph.org/mailman/listinfo/icecast
> > 
> > 
> > _______________________________________________
> > Icecast mailing list
> > Icecast at xiph.org
> > http://lists.xiph.org/mailman/listinfo/icecast
> > 
> 
> -- 
> Jordan Erickson (PGP: 0x78DD41CB)
> Logical Networking Solutions, 707-636-5678
> 
> 
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20160711/a7800c52/attachment.htm>


More information about the Icecast mailing list