[Icecast] Still Struggling with Secure Connections
Yahav Shasha
yahav.shasha at gmail.com
Mon Feb 6 08:33:40 UTC 2023
Wait, my bad. I missed the - x509 arg..
On Mon, Feb 6, 2023 at 10:32 AM Yahav Shasha <yahav.shasha at gmail.com> wrote:
> > openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout
> key.pem -out cert.pem
> This will produce a csr file, not an actual certificate, you use this csr
> file to generate an actual certificate which you can use with Icecast.
> If you're interested in ssl certificate just for testing you can generate
> a self signed cert:
> https://devopscube.com/create-self-signed-certificates-openssl/
> For production you'll need to acquire a certificate from a trusted CA
> though.
>
>
>
> On Mon, Feb 6, 2023 at 10:24 AM _zer0_ gravity <zer0___ at hotmail.com>
> wrote:
>
>> Which version of Icecast are you running and from which repo did you
>> install it?
>> I always used the xiph repo:
>> http://download.opensuse.org/repositories/multimedia:/xiph/
>> as for example on at least older Debian versions the one on the official
>> repos were NOT compiled with ssl support.
>>
>> Cheers, Paul
>>
>> -----Oorspronkelijk bericht-----
>> Van: Icecast <icecast-bounces at xiph.org> Namens Steve Matzura
>> Verzonden: Monday, 6 February 2023 04:35
>> Aan: Icecast streaming server user discussions <icecast at xiph.org>
>> Onderwerp: [Icecast] Still Struggling with Secure Connections
>>
>> I made a special pair of keys just for Icecast with this command:
>>
>> $ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout
>> key.pem -out cert.pem
>>
>> I combined the two files like this:
>>
>> $ cat cert.pem key.pem > icecast.pem
>>
>> I placed icecast.pem in /etc/icecast2 and used 'chown icecast2:icecast
>> icecast.pem' to change owner to icecast2:icecast.
>>
>> I also changed its protection to 600 with 'chmod 600 icecast.pem' since
>> it does contain a private key.
>>
>>
>> The listen socket has SSL enabled:
>>
>>
>> <ssl>1</ssl>
>>
>>
>> I check <paths> in icecast.xml:
>>
>> <ssl-certificate>/etc/icecast2/icecast.pem</ssl-certificate>
>>
>> I reloaded the configuration:
>>
>> $ /etc/init.d/icecast2 reload
>>
>> Tested with:
>>
>> https://theglobalvoice.info:8443/broadband
>>
>>
>> Same PR_END_OF_FILE error.
>>
>>
>> I'm stumped.
>> _______________________________________________
>> Icecast mailing list
>> Icecast at xiph.org
>> http://lists.xiph.org/mailman/listinfo/icecast
>> _______________________________________________
>> Icecast mailing list
>> Icecast at xiph.org
>> http://lists.xiph.org/mailman/listinfo/icecast
>>
>
>
> --
> Yahav Shasha,
> Web Developer
> +972-(0)549214421
> http://www.linkedin.com/in/yahavs
>
--
Yahav Shasha,
Web Developer
+972-(0)549214421
http://www.linkedin.com/in/yahavs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20230206/9de846fc/attachment.htm>
More information about the Icecast
mailing list