<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 5 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1169061759;
mso-list-template-ids:-1;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style></head><body lang=NL link=blue vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Hallo Brad,</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks for you answer. This helps.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I will look in to it.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Greetings,</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Johan</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Verzonden vanuit <a href="https://go.microsoft.com/fwlink/?LinkId=550986">Mail</a> voor Windows</p><p class=MsoNormal><o:p> </o:p></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='border:none;padding:0cm'><b>Van: </b><a href="mailto:brad@audiopump.co">Brad Isbell</a><br><b>Verzonden: </b>zondag 5 maart 2023 18:39<br><b>Aan: </b><a href="mailto:icecast@xiph.org">Icecast streaming server user discussions</a><br><b>Onderwerp: </b>Re: [Icecast] icecast https stream and Sonos</p></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Johan, the Sonos information here is spot on. You are missing the intermediate certs.</p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>While your stream will work fine in common browsers where the certificates are already available, they won't necessarily work in other places.</p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Once you concatenate the right certificates in, DigiCert has an online tool you can use to check that you have it correct: <a href="https://www.digicert.com/help/">https://www.digicert.com/help/</a> If you were on port :443, you could also use <a href="https://www.ssllabs.com/ssltest/">https://www.ssllabs.com/ssltest/</a>.</p></div><div><div><div><div><div><div><div><div style='border:none;border-top:solid #555555 1.0pt;padding:0cm 0cm 0cm 0cm;margin-top:24.0pt'><table class=MsoNormalTable border=0 cellpadding=0><tr><td style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><span style='font-size:10.0pt;color:#333333'><img border=0 width=64 height=52 style='width:.6666in;height:.5416in' id="_x0000_i1025" src="https://audiopump.co/img/audiopump-logo-64px.png"></span><span style='font-size:10.0pt;color:#333333'><o:p></o:p></span></p></td><td style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><strong><span style='font-size:10.0pt;font-family:"Calibri",sans-serif;color:#333333'>Brad Isbell // AudioPump, Inc.</span></strong><span style='font-size:10.0pt;color:#333333'><br><a href="mailto:brad@audiopump.co" target="_blank">brad@audiopump.co</a><o:p></o:p></span></p></td></tr></table></div></div></div></div></div></div></div><p class=MsoNormal><o:p> </o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Sun, Mar 5, 2023 at 2:58 AM Verten Radio <<a href="mailto:verten@xs4all.nl">verten@xs4all.nl</a>> wrote:</p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>My icecast https stream (<a href="https://vertenradio.com:8443/stream" target="_blank">https://vertenradio.com:8443/stream</a>) does not work on a Sonos ONE player.</p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> </p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>It might have something to do with the ssl handshake.</p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> </p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>From the developer page from sonos i found this:</p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> </p><div><p style='line-height:18.0pt;background:white'><span style='font-size:12.0pt;font-family:"Arial",sans-serif;color:#222222'>Some common reasons for SSL handshake failures include:</span><o:p></o:p></p><ul type=disc><li class=MsoNormal style='color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1;background:white;box-sizing:border-box;margin:1rem'><strong><span style='font-size:12.0pt;font-family:"Helvetica",sans-serif'>Expired certificate</span></strong><span style='font-size:12.0pt;font-family:"Helvetica",sans-serif'>: Every certificate has a validity window before it expires. You need to present Sonos with unexpired certificates.</span><o:p></o:p></li><li class=MsoNormal style='color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1;background:white;box-sizing:border-box;margin:1rem'><strong><span style='font-size:12.0pt;font-family:"Helvetica",sans-serif'>DNS name mismatch</span></strong><span style='font-size:12.0pt;font-family:"Helvetica",sans-serif'>: Your certificate must match the DNS name used in the Sonos service catalog. If the URL in the Sonos service catalog is <a href="https://stremingservice.example.com/svc" target="_blank">https://stremingservice.example.com/svc</a>, then your certificate must have a subjectAltName or a Common Name matching <a href="http://streamingservice.example.com" target="_blank">streamingservice.example.com</a>. Any mismatches will cause an outage. For example, this may occur if you introduce a Content Delivery Network (CDN) into your setup as this may affect the DNS names and certificates involved.</span><o:p></o:p></li><li class=MsoNormal style='color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1;background:white;box-sizing:border-box;margin:1rem'><strong><span style='font-size:12.0pt;font-family:"Helvetica",sans-serif'>Missing intermediate CA cert</span></strong><span style='font-size:12.0pt;font-family:"Helvetica",sans-serif'>: Most certificate authorities do not issue individual server certificates directly from their root CA certificate. They often use an intermediate CA certificate. Usually, the chain looks like this:<br><em><span style='font-family:"Helvetica",sans-serif'>Root CA certificate -> Intermediate CA certificate -> Your service’s SSL server certificate.</span></em><br>In these cases, you must configure your SSL server to send Sonos the intermediate CA certificate as well as your SSL server certificate. Without this, Sonos will not be able to validate the full chain and the validation may fail.</span><o:p></o:p></li></ul><p style='line-height:18.0pt;background:white;box-sizing:border-box;margin:1.25rem;font-variant-ligatures:normal;font-variant-caps:normal;text-align:start;text-decoration-style:initial;text-decoration-color:initial;word-spacing:0px'><span style='font-size:12.0pt;font-family:"Arial",sans-serif;color:#222222'>I don’t thinks this is the case, but what could it be?</span></p><p style='line-height:18.0pt;background:white'><span style='font-size:12.0pt;font-family:"Arial",sans-serif;color:#222222'>Any answers?</span></p><p style='line-height:18.0pt;background:white'><span style='font-size:12.0pt;font-family:"Arial",sans-serif;color:#222222'>Glad to hear it, </span></p><p style='line-height:18.0pt;background:white'><span style='font-size:12.0pt;font-family:"Arial",sans-serif;color:#222222'>Regards,</span></p><p style='line-height:18.0pt;background:white'><span style='font-size:12.0pt;font-family:"Arial",sans-serif;color:#222222'> </span></p><p style='line-height:18.0pt;background:white'><span style='font-size:12.0pt;font-family:"Arial",sans-serif;color:#222222'>Johan</span></p><p style='line-height:18.0pt;background:white'><span style='font-size:12.0pt;font-family:"Arial",sans-serif;color:#222222'> </span></p><p style='line-height:18.0pt;background:white'><span style='font-size:12.0pt;font-family:"Arial",sans-serif;color:#222222'> </span></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> </p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> </p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Verzonden vanuit <a href="https://go.microsoft.com/fwlink/?LinkId=550986" target="_blank">Mail</a> voor Windows</p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> </p></div></div></div></blockquote></div><p class=MsoNormal style='margin-left:4.8pt'>_______________________________________________<br>Icecast mailing list<br><a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a><br><a href="http://lists.xiph.org/mailman/listinfo/icecast" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>