Subsonic Forum

[tonyzoc]

I have an Ubuntu box with SSL and certs from Letsencrypt. How do I take those certs and apply them in Windows 10 Subsonic installation? I did look around for help on this gut wasn't able to find anything specific.

[lonesomerider]

I have an Ubuntu box with SSL and certs from Letsencrypt. How do I take those certs and apply them in Windows 10 Subsonic installation? I did look around for help on this gut wasn't able to find anything specific.

Personally I use a Proxy Server which handles all translation from http/https to myserver.local/subsonix:4040. Like this I have to manage the certificates only in one place and have not to open up additionnal ports.
Some NAS, eg, Synology DSM or QNAP, have integrated firewall, letsencrypt and Proxy support. They would be also a good choice for an external interface, as they are simpler to set up.

For handling certificates yourself, you have to inform subsonic on how to do it:

For standalone, see http://www.subsonic.org/pages/getting-started.jsp#4

Note that Subsonic uses a self-signed https certificate by default. This provides encryption but not proper authentication. To use your own certificate you must put it in a Java keystore, then specify the following Java system properties: subsonic.ssl.keystore (path to an alternate SSL keystore), and subsonic.ssl.password (password of the alternate SSL keystore). On Windows, you can set these system properties in C:\Program Files (x86)\Subsonic\subsonic-service.exe.vmoptions. On Mac, you can add them to /Applications/Subsonic.app/Contents/Info.plist.

As you have to update the certificate on a regular base and you have your provider on a linux machine, here is an example on how to set up the whole update chain: https://vaadin.com/blog/enabling-https-in-your-java-server-using-a-free-certificate

For keystore, specially for Tomcat, see Tutorial https://community.letsencrypt.org/t/tutorial-java-keystores-jks-with-lets-encrypt/34754
, or shortly
to add you pem chain into the keystore see https://maximilian-boehm.com/en-gb/blog/create-a-java-keystore-jks-from-let-s-encrypt-certificates-1884000/ or https://gist.github.com/xkr47/920ffe94f6a4c171ee59
to add the intermediate certs, (should not be needed), see https://gist.github.com/galan/ec8b5f92dd325a97e2f66e524d28aaf8

on Tomcat you would have to make sure you use the correct certificate in the Tomcat configuration and have https enabled.

Hope this helps

[tonyzoc]

Yeah, I've stumbled across these solutions. Basically I need to migrate the certs into a java keystore file and put it into the jar file.

So what I didn't realize is that you can just check the box for https and open port 4443 and Subsonic uses an internal self signed certificate. You get the web warning, but you do gen encrypted traffic. For now I'll love with the self-signed certs.

[tonyzoc]

Yeah, I've stumbled across these solutions. Basically I need to migrate the certs into a java keystore file and put it into the jar file.

So what I didn't realize is that you can just check the box for https and open port 4443 and Subsonic uses an internal self signed certificate. You get the web warning, but you do gen encrypted traffic. For now I'll live with the self-signed certs.