[Icecast] ssl-cert's

buddylove bluntroller at yandex.com
Mon Jul 11 18:58:07 UTC 2016

Hi Roger

sorry if I bothered you or even mislead you with some former post.
With respect to IT I have totally different topics in my head than the
'Icecast-thing'. It's history for me already quite a while and the work
I invested in making
it running disgusted me.
Please consider that English is not my mother-language and even if my
English is
good, it's not perfect or without mistakes.

Where you put your certs and stuff isn't really of any importance
because by the correct masking you can hide them - even in a folder
where the webserver has access too. Security comes not by putting files
in some folder or not (even jails), Security comes as a whole but that's
another topic and the deeper I dig into it the
more distant I get from your problem. Also there are always and everywhere
people disagreeing, trying to put their own mustard on the sausage.

Nice bla interlude isn't it.

My recommendation and without crawling in my resources and the ones in
the web
here my advice:

1. check your cert files
2. download and read the suitable manual to your icecast-server
3. check the linkage between the files (icecast.xml <-> cert-files)
4. check the ownership and mode of the files and folders
(icecast:icecast, 740)
5. check the linkage to the pid-file

additionally you can
    . check the webservers configs
    . if the ssl mod is loaded
    . if ssl is enable in the webserver of your choice

Even if the other nerd around mentioned correct that the webserver
usually has
no meaning in that scenario...
Can you set up the webserver (or any other similar application) you use
to use
your certs, are they working?

There should usually not be more to do than that.
I never set up a ssl-connection with my stream (for what?
superfluous...) so I
can't really report out of my experiences.

More information about the Icecast mailing list