[Icecast] icecast https stream and Sonos

Verten Radio verten at xs4all.nl
Mon Mar 6 12:28:32 UTC 2023


Hallo Brad,

Thanks for you answer. This helps.

I will look in to it.

Greetings,

Johan



Verzonden vanuit Mail voor Windows

Van: Brad Isbell
Verzonden: zondag 5 maart 2023 18:39
Aan: Icecast streaming server user discussions
Onderwerp: Re: [Icecast] icecast https stream and Sonos

Johan, the Sonos information here is spot on.  You are missing the intermediate certs.

While your stream will work fine in common browsers where the certificates are already available, they won't necessarily work in other places.

Once you concatenate the right certificates in, DigiCert has an online tool you can use to check that you have it correct:  https://www.digicert.com/help/  If you were on port :443, you could also use https://www.ssllabs.com/ssltest/.

Brad Isbell // AudioPump, Inc.
brad at audiopump.co

On Sun, Mar 5, 2023 at 2:58 AM Verten Radio <verten at xs4all.nl> wrote:
My icecast https stream (https://vertenradio.com:8443/stream) does not work on a Sonos ONE player.
 
It might have something to do with the ssl handshake.
 
>From the developer page from sonos i found this:
 
Some common reasons for SSL handshake failures include:
• Expired certificate: Every certificate has a validity window before it expires. You need to present Sonos with unexpired certificates.
• DNS name mismatch: Your certificate must match the DNS name used in the Sonos service catalog. If the URL in the Sonos service catalog is https://stremingservice.example.com/svc, then your certificate must have a subjectAltName or a Common Name matching streamingservice.example.com. Any mismatches will cause an outage. For example, this may occur if you introduce a Content Delivery Network (CDN) into your setup as this may affect the DNS names and certificates involved.
• Missing intermediate CA cert: Most certificate authorities do not issue individual server certificates directly from their root CA certificate. They often use an intermediate CA certificate. Usually, the chain looks like this:
Root CA certificate -> Intermediate CA certificate -> Your service’s SSL server certificate.
In these cases, you must configure your SSL server to send Sonos the intermediate CA certificate as well as your SSL server certificate. Without this, Sonos will not be able to validate the full chain and the validation may fail.
I don’t thinks this is the case, but what could it be?
Any answers?
Glad to hear it, 
Regards,
 
Johan
 
 
 
 
Verzonden vanuit Mail voor Windows
 
_______________________________________________
Icecast mailing list
Icecast at xiph.org
http://lists.xiph.org/mailman/listinfo/icecast

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20230306/d01f0993/attachment.htm>


More information about the Icecast mailing list