Third-Party Certificate for Subsonic on Linux
This is more a reminder-post for myself, than anything else, because every year my StartSSL-Certificate expires, I need to redo this and have to look it up anew. It is based on the basically excellent writeup at fatframe.com, which has a few tiny errors and does not include the info on how to use a non-standard password. (This info I got here at konkretor. Thanks!)
- Get a free certificate here.
- Once you receive your certificate you will need to combine the private key, server cert, and intermediate certs into one file. Simply open all three in a text editor and copy/paste everything into a new text file without any blank lines. I added mine in the following order:
Private Key (myserver.key)
Server Certificate (myserver.ssl)
Intermediate Certificate (sub.class1.server.ca.pem) - Save this text file as subsonic.crt. Do not mess this up as I did on the first try by using cat in the wrong way, as every new part should start at a new line.
- Next, convert the cert from PEM to PKCS12 format using the following command. Choose any password you like. In fact, do not choose the default password of „subsonic“. Memorize that password:
openssl pkcs12 ‑in subsonic.crt ‑export ‑out subsonic.pkcs12 - Use Keytool to import this new keystore:
keytool ‑importkeystore ‑srckeystore subsonic.pkcs12 ‑destkeystore subsonic.keystore ‑srcstoretype PKCS12 ‑srcalias 1 ‑destalias subsonic - use zip to import the new keystore into the subsonic jar:
sudo zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore - Now tell subsonic the new non-generic password:
- open the subsonic starter:
sudo nano /usr/bin/subsonic - insert a line with the new password and save, at line 113ish (press alt+c to see line numbers)
-Dsubsonic.ssl.password=123456 \
- open the subsonic starter:
- Restart subsonic, and enjoy your custom SSL certifcate:
sudo service subsonic restart
That’s all Folks!
Schreibe einen Kommentar