<div dir="ltr"> > openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem<div><div>This will produce a csr file, not an actual certificate, you use this csr file to generate an actual certificate which you can use with Icecast.</div><div>If you're interested in ssl certificate just for testing you can generate a self signed cert:</div><div><a href="https://devopscube.com/create-self-signed-certificates-openssl/">https://devopscube.com/create-self-signed-certificates-openssl/</a><br></div><div>For production you'll need to acquire a certificate from a trusted CA though.</div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Feb 6, 2023 at 10:24 AM _zer0_ gravity <<a href="mailto:zer0___@hotmail.com">zer0___@hotmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Which version of Icecast are you running and from which repo did you install it?<br>
I always used the xiph repo: <a href="http://download.opensuse.org/repositories/multimedia:/xiph/" rel="noreferrer" target="_blank">http://download.opensuse.org/repositories/multimedia:/xiph/</a><br>
as for example on at least older Debian versions the one on the official repos were NOT compiled with ssl support.<br>
<br>
Cheers, Paul<br>
<br>
-----Oorspronkelijk bericht-----<br>
Van: Icecast <<a href="mailto:icecast-bounces@xiph.org" target="_blank">icecast-bounces@xiph.org</a>> Namens Steve Matzura<br>
Verzonden: Monday, 6 February 2023 04:35<br>
Aan: Icecast streaming server user discussions <<a href="mailto:icecast@xiph.org" target="_blank">icecast@xiph.org</a>><br>
Onderwerp: [Icecast] Still Struggling with Secure Connections<br>
<br>
I made a special pair of keys just for Icecast with this command:<br>
<br>
$ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem<br>
<br>
I combined the two files like this:<br>
<br>
$ cat cert.pem key.pem > icecast.pem<br>
<br>
I placed icecast.pem in /etc/icecast2 and used 'chown icecast2:icecast icecast.pem' to change owner to icecast2:icecast.<br>
<br>
I also changed its protection to 600 with 'chmod 600 icecast.pem' since it does contain a private key.<br>
<br>
<br>
The listen socket has SSL enabled:<br>
<br>
<br>
<ssl>1</ssl><br>
<br>
<br>
I check <paths> in icecast.xml:<br>
<br>
<ssl-certificate>/etc/icecast2/icecast.pem</ssl-certificate><br>
<br>
I reloaded the configuration:<br>
<br>
$ /etc/init.d/icecast2 reload<br>
<br>
Tested with:<br>
<br>
<a href="https://theglobalvoice.info:8443/broadband" rel="noreferrer" target="_blank">https://theglobalvoice.info:8443/broadband</a><br>
<br>
<br>
Same PR_END_OF_FILE error.<br>
<br>
<br>
I'm stumped.<br>
_______________________________________________<br>
Icecast mailing list<br>
<a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a><br>
<a href="http://lists.xiph.org/mailman/listinfo/icecast" rel="noreferrer" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a><br>
_______________________________________________<br>
Icecast mailing list<br>
<a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a><br>
<a href="http://lists.xiph.org/mailman/listinfo/icecast" rel="noreferrer" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Yahav Shasha,<br>Web Developer<br>+972-(0)549214421<br><div><a href="http://www.linkedin.com/in/yahavs" target="_blank">http://www.linkedin.com/in/yahavs</a><br></div></div></div>