[Icecast] self-signed ssl certificate, icecast2, and no ssl capability

David Mehler dave.mehler at gmail.com
Fri Sep 28 18:06:02 UTC 2018


I'm trying to get ssl going via a self-signed certificate on my
Icecast server. It's running raspbian stretch on a Raspberry Pi so the
latest version from packages.

I tried to connect to the web site via https specifically:


thinking it would go ssl, it didn't I got a could not connect error
message, site might use unsafe or outdated tls security protocols,
that's from memory.

I set icecast2 logging to 4 debug prior to this and looked at my error
file grep for the term ssl I got this:

#grep ssl /var/log/icecast2/error.log
[2018-09-28  13:43:48] INFO connection/get_ssl_certificate No SSL capability

The relevant portions of my icecast.xml file:

#cat icecast.xml
paths section:
        <!-- The certificate file needs to contain both public and private part.
             Both should be PEM encoded.

I then checked the permissions on my self-signed certificate:

#ls -l icecast.pem
-rw-r----- 1 icecast2 icecast 5455 Sep 27 13:17 icecast.pem

and taking out the gibbrish of my certificate:
#cat icecast.pem

To create this self-signed certificate I did:

cd /etc/icecast2
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout
icecast.pem -out icecast.pem
chown icecast2:icecast icecast.pem
chmod 0640 icecast.pem

Suggestions as to where I went wrong appreciated.

More information about the Icecast mailing list