Third Party SSL not working [Updated w/ Help Request format]


Post by MacDonals » Thu Feb 06, 2014 7:41 pm

I need some help getting my legitimate SSL certificate installed. There are a lot of topics on this board about it, but I have not been able to resolve the issue. I will detail my steps; if anyone can help identify what I’m doing wrong, I would greatly appreciate it. (Sorry in advance for the length.)

<-------------------------Subsonic Help Request---------------------->
Problem Description: Implementing a valid third party SSL certificate crashes Subsonic / Jetty.
Troubleshooting Steps: FULL deployment steps are outlined below.
Playback Application and version: Standard Subsonic Web Interface
Subsonic Version: 4.9 (build 3853) – January 23, 2014
Server Version: jetty-6.1.x, java 1.7.0_51, Linux (93.7 MB / 125.0 MB)
Hardware Platform: Linux Mint 15 x64 KDE
Java Memory Limit: 200MB
Problem Filename: n/a
Output from ffmpeg -i: n/a
Last ten log file lines: n/a
<-------------------------Subsonic Help Request---------------------->


Full Steps

Setup
    OS: Linux Mint 15 KDE
    Subsonic 4.9
    Domain: dyn.amic.com (not really)
    Hostname: SMITHS

Generated a CSR
I used the following command on SMITHS and specified a challenge password when asked.
Code:
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

I then purchased a Comodo PositiveSSL cert ($9!) using the CSR.

Certificates Received
After verifying my domain name I received a zip package containing:
    Root CA Certificate - AddTrustExternalCARoot.crt
    Intermediate CA Certificate - PositiveSSLCA2.crt
    My PositiveSSL Certificate - dyn_amic_com.crt
I combined these three certificates into a cert chain:
Code:
cat dyn_amic_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > cert-chain.txt


PKCS12 File Generation
Next I created a new cert by combining my cert-chain.txt with my private key.
Code:
openssl pkcs12 -inkey myserver.key -in cert-chain.txt -export -out subsonic.pkcs12

I am asked for my Export Password; I enter my challenge password. Yay, the subsonic.pkcs12 file is created.

The Keystore.
Now that I have my signed key, I load it into the keystore like so:
Code:
sudo keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore /etc/ssl/certs/subsonic.keystore -srcstoretype PKCS12 -srcalias 1 -destalias subsonic

For destination keystore password I enter subsonic and for source keystore password I enter my challenge password.
Import successful.

Hey Subsonic, use THIS key
I updated the new keystore into the subsonic-booter-jar-with-dependencies.jar
Code:
sudo zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar /etc/ssl/certs/subsonic.keystore

No errors, all looks good.

Ports Forwarded
I update my ports
Code:
sudo nano /etc/default/subsonic

Set my ports
Code:
SUBSONIC_ARGS="--port=4040 --https-port=4043 --max-memory=200"

I’ll restart Subsonic…
Code:
sudo service subsonic restart

Then I redirect dyn.amic.com:443 external to SMITHS:4043 in my router

Update the Shell script for starting Subsonic
Code:
sudo nano /usr/bin/subsonic

Down with the other -Dsubsonic entries I add
Code:
-Dsubsonic.ssl.keystore=/etc/ssl/certs/subsonic.keystore \
-Dsubsonic.ssl.password=subsonic \

And once more
Code:
sudo service subsonic restart

The Test & Failure
From my office I hit https://dyn.amic.com/ and get nothing. When I try to hit http://dyn.amic.com/ I get the
Code:
HTTP ERROR: 404
NOT_FOUND
RequestURI=/
Powered by jetty://

What have I done wrong?

Re: Third Party SSL not working [Updated w/ Help Request for

Post by MacDonals » Sun Feb 09, 2014 8:53 pm

I'll answer my own question. I had a few problems apparently.

1) My cert-chain.txt file was incorrect. I should have been using my private key differently, and when I left out the Root cert it worked.
Code:
cat myserver.key dyn_amic_com.crt PositiveSSLCA2.crt > subsonic.crt


2) I formatted my Linux Mint box and reinstalled Ubuntu Server 12.02 LTS x64. I wasn't sure about having a CLI only OS but this has been fine.

Yay, I'm up on SSL.
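
Added example (not part of the original posts): a shell check to run before `openssl pkcs12 -export` that confirms the private key matches the first certificate in a PEM bundle and that each certificate is issued by the one after it; a self-signed root is reported but not treated as an error. The function names, the `--demo` flag and the sample file names are assumptions, the sample CA and server certificate are constructed throwaway data, and the key is assumed to be unencrypted (as with `-nodes` in the thread).

```shell
#!/bin/sh
# Added example, not from the thread; names and sample data are constructed.

# check_bundle KEY BUNDLE: succeeds only if KEY matches the first certificate
# in BUNDLE and each certificate is issued by the one after it. The body runs
# in a subshell, so `exit` ends only the check and variables stay local.
check_bundle() (
  key=$1 bundle=$2 rc=0 i=1
  tmp=$(mktemp -d) || exit 2
  # One file per CERTIFICATE block; private-key blocks are skipped.
  awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
    on { print > (d "/cert-" n ".pem") }
    /-----END CERTIFICATE-----/ { on = 0 }' "$bundle"
  n=$(find "$tmp" -name 'cert-*.pem' | wc -l | tr -d ' ')
  if [ "$n" -eq 0 ]; then
    echo "no certificate found"; rc=1
  elif [ "$(openssl pkey -in "$key" -pubout 2>/dev/null)" != \
         "$(openssl x509 -in "$tmp/cert-1.pem" -noout -pubkey)" ]; then
    echo "private key does not match certificate 1"; rc=1
  fi
  while [ "$i" -le "$n" ]; do
    subject=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -subject_hash)
    issuer=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -issuer_hash)
    [ "$subject" != "$issuer" ] || echo "certificate $i is self-signed (a root)"
    if [ "$i" -lt "$n" ]; then
      next=$(openssl x509 -in "$tmp/cert-$((i + 1)).pem" -noout -subject_hash)
      [ "$issuer" = "$next" ] || { echo "certificate $i is not issued by certificate $((i + 1))"; rc=1; }
    fi
    i=$((i + 1))
  done
  rm -rf "$tmp"
  exit "$rc"
)

# Constructed sample data: a throwaway CA and a server certificate it signs.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=dyn.amic.com" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

# Demo on the constructed data: run this file with --demo as its argument.
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d) && make_sample "$d" && cat "$d/server.crt" "$d/ca.crt" > "$d/chain.pem"
  check_bundle "$d/server.key" "$d/chain.pem"; echo "exit status: $?"; rm -rf "$d"
fi
```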

