Third-Party Certificate for Subsonic on Linux

This is more a reminder-post for myself, than anything else, because every year my StartSSL-Certificate expires, I need to redo this and have to look it up anew. It is based on the basically excellent writeup at fatframe.com, which has a few tiny errors and does not include the info on how to use a non-standard password. (This info I got here at konkretor. Thanks!)

  1. Get a free certificate here.
  2. Once you receive your certificate you will need to combine the private key, server cert, and intermediate certs into one file. Simply open all three in a text editor and copy/paste everything into a new text file without any blank lines. I added mine in the following order:
    Private Key (myserver.key)
    Server Certificate (myserver.ssl)
    Intermediate Certificate (sub.class1.server.ca.pem)
  3. Save this text file as subsonic.crt. Do not mess this up as I did on the first try by using cat in the wrong way, as every new part should start at a new line.
  4. Next, convert the cert from PEM to PKCS12 format using the following command. Choose any password you like. In fact, do not choose the default password of „subsonic“. Memorize that password:
    openssl pkcs12 ‑in subsonic.crt ‑export ‑out subsonic.pkcs12
  5. Use Keytool to import this new keystore:
    keytool ‑importkeystore ‑srckeystore subsonic.pkcs12 ‑destkeystore subsonic.keystore ‑srcstoretype PKCS12 ‑srcalias 1 ‑destalias subsonic
  6. use zip to import the new keystore into the subsonic jar:
    sudo zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore
  7. Now tell subsonic the new non-generic password: 
    1. open the subsonic starter:
      sudo nano /usr/bin/subsonic
    2. insert a line with the new password and save, at line 113ish (press alt+c to see line numbers)
      -Dsubsonic.ssl.password=123456 \
  8. Restart subsonic, and enjoy your custom SSL certifcate:
    sudo service subsonic restart

That’s all Folks!

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert