[Icecast] SSL Cert Woes

José Luis Artuch artuch at speedy.com.ar
Mon Aug 28 17:56:31 UTC 2017


"Speagle, Andy" <andy.speagle at wichita.edu>Hi Andy,
El lun, 28-08-2017 a las 13:46 +0000, Speagle, Andy escribió:
> > El vie, 25-08-2017 a las 16:49 +0000, Speagle, Andy escribió:
> > > Hi Folks,
> > > 
> > > I’m having a problem getting a the SSL cert file formatted just
> > > like
> > > icecast wants… I’m running 2.4.2 … and it doesn’t seem to want to
> > > use
> > > my combined key + cert chain no matter in what order I put it.
> > > Presently, I have it in this format.. with spaces between each
> > > key/cert…
> > > 
> > > KEY
> > > 
> > > CERTCHAIN-1
> > > 
> > > CERTCHAIN-2
> > > 
> > > CERTCHAIN-3
> > > 
> > > MYCERT
> > > 
> > > And… well… not sure what else to do here.  I have the file owned
> > > by
> > > icecast:icecast … and … it should be readable in its present
> > > location…
> > > so, not sure what else would be wrong.
> > > 
> > 
> > Firtsly, what operative system are you running ?. On Debian
> > GNU/Linux user
> > icecast2 and group icecast, then icecast2:icecast.
> 
> I'm on RHEL 7, so the user/group is icecast:icecast ... 
> 
> > Secondly, check the Icecast2's error.log looking about SSL or TLS
> > capability.
> > On Debian GNU/Linux /var/log/icecast2/error.log.
> 
> From the log, I get a simple: 
> 
> WARN connection/get_ssl_certificate Invalid cert file <my cert
> filepath>
> INFO connection/get_ssl_certificate No SSL capability on any
> configured ports
> 
Make sure you have set up Icecast correctly:

<listen-socket>
	<port>8443</port>
	<ssl>1</ssl>
</listen-socket>
...
<paths>
	...
	<ssl-certificate>/usr/share/icecast2/icecast.pem</ssl-
certificate>
</paths>

Also, there is the possibility that Icecast2 package does not support
encrypted connections via openssl.
In my case I saw something similar to this:
[2017-08-08  03:05:34] INFO connection/get_ssl_certificate No SSL
capability
Then, like solution I should have compiled Icecast with openssl support
enabled.

Regards.
José Luis
> So... not sure what else I can do here... using simple openssl verify
> commands I can see that the cert chain is valid... 
> 
> Thanks!
> 
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast


More information about the Icecast mailing list