[Icecast] SSL Cert Woes
Speagle, Andy
andy.speagle at wichita.edu
Mon Aug 28 19:05:11 UTC 2017
> > > > Hi Folks,
> > > >
> > > > I’m having a problem getting a the SSL cert file formatted just
> > > > like icecast wants… I’m running 2.4.2 … and it doesn’t seem to
> > > > want to use my combined key + cert chain no matter in what order I
> > > > put it.
> > > > Presently, I have it in this format.. with spaces between each
> > > > key/cert…
> > > >
> > > > KEY
> > > >
> > > > CERTCHAIN-1
> > > >
> > > > CERTCHAIN-2
> > > >
> > > > CERTCHAIN-3
> > > >
> > > > MYCERT
> > > >
> > > > And… well… not sure what else to do here. I have the file owned
> > > > by icecast:icecast … and … it should be readable in its present
> > > > location… so, not sure what else would be wrong.
> > > >
> > >
> > > Firtsly, what operative system are you running ?. On Debian
> > > GNU/Linux user
> > > icecast2 and group icecast, then icecast2:icecast.
> >
> > I'm on RHEL 7, so the user/group is icecast:icecast ...
> >
> > > Secondly, check the Icecast2's error.log looking about SSL or TLS
> > > capability.
> > > On Debian GNU/Linux /var/log/icecast2/error.log.
> >
> > From the log, I get a simple:
> >
> > WARN connection/get_ssl_certificate Invalid cert file <my cert
> > filepath>
> > INFO connection/get_ssl_certificate No SSL capability on any
> > configured ports
> >
> Make sure you have set up Icecast correctly:
>
> <listen-socket>
> <port>8443</port>
> <ssl>1</ssl>
> </listen-socket>
Yeah... it's setup properly...
> <paths>
> ...
> <ssl-certificate>/usr/share/icecast2/icecast.pem</ssl-
> certificate>
> </paths>
Yes... correct for me.
> Also, there is the possibility that Icecast2 package does not support
> encrypted connections via openssl.
> In my case I saw something similar to this:
> [2017-08-08 03:05:34] INFO connection/get_ssl_certificate No SSL capability
> Then, like solution I should have compiled Icecast with openssl support
> enabled.
Well... I believe it to be setup correctly... the RPM has a libssl requirement... and the fact that it tries to check the SSL cert file indicates that it has capability...
More information about the Icecast
mailing list