How to Change the SSL Key in Subsonic 4.4.beta1

Tutorials, tips and tricks.

Moderator: moderators

turning off ssl -sick of nags

Postby j3tblk » Sat Apr 16, 2011 1:52 am

I spent all day on this. I can get a cert no problem but I can't get startssl to accept the file sourcing from the jar file

the "tomcat" one


I get errors about the encryption strength and this:

* An error has occured processing your private key.
* Please enter only letters and numbers!
* The Pass Phrase must have at least 10 characters and not more than 32!
* Select the "Certificates Wizard" tab and try it again.


Wow, this is silly complicated.
j3tblk
 
Posts: 117
Joined: Thu Jun 03, 2010 3:51 pm

Postby SKinSF » Wed May 04, 2011 3:21 am

I successfully updated the keystore provided with the default subsonic install with a non-self-signed certificate using the following process.

I run linux, on which I use Tiny CA to manage my SSL certificates. Some time ago, I created a self-signed master CA that I only use for signing the CAs I use for signing client and server certificaes.

My first step was to create a certificate request using Tiny CA, which I then signed as a server certificate using one of my signing CAs. In Tiny CA I then selected the key associated with that server certificate and exported the key without its passphrase (PEM/PKCS#12). I also selected the export option to include the certificate in the PEM output file. This step resulted in the creation of the file subsonic-cert_key.pem that contains the subsonic server certificate and key with no passphrase protection.

Next, I converted the PEM file containing the subsonic server certificate and key to PKCS12 format:
Code: Select all
openssl pkcs12 -in subsonic-cert_key.pem -export -out subsonic.pkcs12

Note that openssl prompted for a passphrase, which I gave as subsonic.

With the certificate and key in PKCS12 format, I was then able to import them into the java keystore, subsonic.keystore:
Code: Select all
keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -srcstoretype PKCS12 -srcstorepass subsonic -srcalias 1 -destalias tomcat


I then updated subsonic.keystore in subsonic-booter-jar-with-dependencies.jar:
Code: Select all
zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore


I then restarted subsonic and tried it out. It worked.

I'm no java wizard, a google search turned up this page, http://tuohela.net/java_keystore_import, which provided me with the clues I needed.

Thank you to Hile for his Java Keystores PEM Import info!
SKinSF
 
Posts: 1
Joined: Tue May 03, 2011 4:06 pm

Postby garyjmellor » Tue May 24, 2011 12:42 pm

I wonder if you could give more details on this part:

"...My first step was to create a certificate request using Tiny CA, which I then signed as a server certificate using one of my signing CAs. In Tiny CA I then selected the key associated with that server certificate and exported the key without its passphrase (PEM/PKCS#12). I also selected the export option to include the certificate in the PEM output file. This step resulted in the creation of the file subsonic-cert_key.pem that contains the subsonic server certificate and key with no passphrase protection..."

I cannot get this to work and would really appreciate the assistance.

Thanks.
garyjmellor
 
Posts: 21
Joined: Sun May 22, 2011 12:33 pm

Success!

Postby spookybathtub » Tue Apr 24, 2012 10:30 pm

SkinSF's instructions worked for me, with one change. I had to name the alias subsonic instead of tomcat. I suspect this is a recent change, since I'm running Subsonic 4.6. I started with separate .crt and .key files, provided from InCommon. So I just concatenated those two files to make the PEM file pair, before converting to PKCS12.

EDIT: I thought it worked, but I realized it's not completely right. I'm starting a new thread for this, because this thread is titled 4.4.beta1 and I'm using 4.6 now. viewtopic.php?f=2&t=9396
spookybathtub
 
Posts: 110
Joined: Thu Oct 07, 2010 7:13 am

Previous

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 13 guests