I successfully updated the keystore provided with the default subsonic install with a non-self-signed certificate using the following process.
I run Linux, on which I use Tiny CA to manage my SSL certificates. Some time ago, I created a self-signed master CA that I only use for signing the CAs I use for signing client and server certificates.
My first step was to create a certificate request using Tiny CA, which I then signed as a server certificate using one of my signing CAs. In Tiny CA I then selected the key associated with that server certificate and exported the key without its passphrase (PEM/PKCS#12). I also selected the export option to include the certificate in the PEM output file. This step resulted in the creation of the file subsonic-cert_key.pem that contains the subsonic server certificate and key with no passphrase protection.
Next, I converted the PEM file containing the subsonic server certificate and key to PKCS12 format:
openssl pkcs12 -in subsonic-cert_key.pem -export -out subsonic.pkcs12
Note that openssl prompted for a passphrase, which I gave as subsonic.
With the certificate and key in PKCS12 format, I was then able to import them into the java keystore, subsonic.keystore:
keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -srcstoretype PKCS12 -srcstorepass subsonic -srcalias 1 -destalias tomcat
I then updated subsonic.keystore in subsonic-booter-jar-with-dependencies.jar:
zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore
I then restarted subsonic and tried it out. It worked.
I'm no Java wizard; a Google search turned up this page, http://tuohela.net/java_keystore_import, which provided me with the clues I needed.
Thank you to Hile for his Java Keystores PEM Import info!
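
Added example, not part of the original post: a Python check for two artifacts the steps above leave behind, the passphrase-less PEM file and the keystore packed into the jar. The function names, the permission threshold and the treatment of a DER-encoded file as PKCS#12 are assumptions of this example.

```python
import os
import re
import stat
import zipfile

# Leading bytes that identify the Java keystore container format.
KEYSTORE_MAGIC = {b"\xfe\xed\xfe\xed": "JKS", b"\xce\xce\xce\xce": "JCEKS"}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def audit_pem(path):
    """Return a list of findings for a combined certificate + key PEM file."""
    findings = []
    with open(path, encoding="ascii", errors="replace") as fh:
        blocks = PEM_BLOCK.findall(fh.read())
    if "CERTIFICATE" not in [label for label, _ in blocks]:
        findings.append("no certificate block")
    keys = [(label, body) for label, body in blocks
            if label.endswith("PRIVATE KEY")]
    if not keys:
        findings.append("no private key block")
    # A key is passphrase-protected if it is PKCS#8 encrypted or carries
    # the legacy "Proc-Type: 4,ENCRYPTED" header.
    plain = [label for label, body in keys
             if label != "ENCRYPTED PRIVATE KEY"
             and "Proc-Type: 4,ENCRYPTED" not in body]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if plain and mode & 0o077:
        findings.append(
            "unencrypted key readable by group/other (mode %04o)" % mode)
    return findings


def keystore_in_jar(jar_path, name="subsonic.keystore"):
    """Return the format of the keystore stored at the root of the jar."""
    with zipfile.ZipFile(jar_path) as jar:
        entries = [i for i in jar.infolist() if i.filename == name]
        if not entries:
            return "missing"
        if len(entries) > 1:
            return "duplicate"
        with jar.open(entries[0]) as fh:
            head = fh.read(4)
    if head[:1] == b"\x30":
        return "PKCS12"  # DER SEQUENCE tag; treated as PKCS#12 (assumption)
    return KEYSTORE_MAGIC.get(head, "unknown")
```

An empty list from `audit_pem("subsonic-cert_key.pem")` means the file holds both blocks and the plain key is readable only by its owner; `keystore_in_jar` reports which keystore format the jar holds under the expected name.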