Startssl.com Cert and Windows.

Posted: Thu Nov 15, 2012 9:54 am
by Gill
Hi.
I know there are a lot of different guides on this forum, but all of them are made for Linux or include steps I don't feel are necessary.
I did this over a year ago, but since my certificate expired I thought I could do a small guide since I needed to do it again.
I have now set this up for myself on a virtual machine running Windows Server 2012. This is a rather rough guide on how to set it up; I expect you know how to adapt it to your own environment.
First you should have Subsonic up and running already with a self-signed certificate.

1. Create a free (or bought) certificate at Startssl.com. Save the .key-file and .cert-file to a folder, I use C:\SSL\. Creating the certificate includes a lot of steps but Startssl guides you through it all.
2. In the Control Panel at Startssl you go to the Tool Box. Use the option "Create PKCS#12 (PFX) File", create the certificate with your key and cert-file. Save the cert to C:\SSL\cert.p12.
3. If you use JRE6 for your Java you start a command prompt and go to "C:\Program Files\Java\jre6\bin". Type "keytool -importkeystore -srckeystore C:\SSL\cert.p12 -srcstoretype PKCS12 -destkeystore C:\SSL\subsonic.keystore".
4. Stop the Subsonic service. Go to Program Files/Subsonic, open subsonic-service.exe.vmoptions in Notepad.
Add these lines to the end of the file....

-Dsubsonic.ssl.keystore=C:\SSL\subsonic.keystore
-Dsubsonic.ssl.password=yourcertpasswordsetinstep3

Save file. Start subsonic service.

Voila, you got a working certificate. :)

Cheers.

/Johan Gill
wwww.gill.nu
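
Editor's added example (not part of the original post): steps 3 and 4 above as one PowerShell script that also checks the keystore really contains the private key and restricts who can read the key material, since the keystore password ends up in plain text in the .vmoptions file. The full Subsonic path, the service name "Subsonic", and the service running as LocalSystem are assumptions; adjust them to your install.

```powershell
# Added example. Paths marked "assumed" are not from the original post.
$KeytoolDir = 'C:\Program Files\Java\jre6\bin'           # step 3
$P12        = 'C:\SSL\cert.p12'                          # step 2
$Keystore   = 'C:\SSL\subsonic.keystore'                 # step 3
$VmOptions  = 'C:\Program Files\Subsonic\subsonic-service.exe.vmoptions'  # assumed full path
$Service    = 'Subsonic'                                 # assumed service name

$keytool = Join-Path $KeytoolDir 'keytool.exe'
$secure  = Read-Host 'PKCS#12 / keystore password' -AsSecureString
$pass    = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Step 3: convert the PKCS#12 file into a Java keystore, reusing the same password.
# Note: the password is briefly visible on keytool's command line to local admins.
& $keytool -importkeystore -srckeystore $P12 -srcstoretype PKCS12 `
    -srcstorepass $pass -destkeystore $Keystore -deststorepass $pass -noprompt
if ($LASTEXITCODE -ne 0) { throw 'keytool -importkeystore failed' }

# Check: the keystore must hold a private key entry, not only a certificate,
# otherwise the server cannot complete a TLS handshake with it.
$listing = & $keytool -list -v -keystore $Keystore -storepass $pass
if (-not ($listing -match 'PrivateKeyEntry')) { throw 'No PrivateKeyEntry in keystore' }
$listing | Select-String 'Alias name|Entry type|Valid from'

# Step 4: stop the service and write the two options exactly once
# (existing subsonic.ssl lines are dropped so re-runs do not duplicate them).
Stop-Service $Service
$new  = @("-Dsubsonic.ssl.keystore=$Keystore", "-Dsubsonic.ssl.password=$pass")
$kept = @(Get-Content $VmOptions |
          Where-Object { $_ -notmatch '^-Dsubsonic\.ssl\.(keystore|password)=' })
Set-Content $VmOptions ($kept + $new)

# The .p12, the keystore and the .vmoptions file together expose the private key.
# Remove inherited ACLs and allow only SYSTEM (S-1-5-18) and Administrators
# (S-1-5-32-544). Assumes the service runs as LocalSystem.
foreach ($f in $P12, $Keystore, $VmOptions) {
    icacls $f /inheritance:r /grant:r '*S-1-5-18:(F)' '*S-1-5-32-544:(F)' | Out-Null
}
Start-Service $Service
```

Run it from an elevated PowerShell prompt. Once the keystore works, the .p12 and the original .key file can be moved off the server, since Subsonic only reads the keystore.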

Re: Startssl.com Cert and Windows.

Posted: Tue Aug 19, 2014 4:39 pm
by avargaskun
Awesome guide. Worked like a charm. Thanks for writing this up!

I wanted to make a couple additions in case it helps someone else. I'm running subsonic on Windows Server 2012 R2 Essentials. After setting up my server for remote access (via *.remotewebaccess.com), a certificate was created automatically for <myserver>.remotewebaccess.com which I was able to re-use for Subsonic via the following steps:

1. Start "MMC.exe" (Windows+R, type MMC.exe, hit Enter)
2. Ctrl+M (Add Snap-In), select "Certificates" on the left, click "Add", select "Computer account", then "Local Computer", then "Finish", then "OK"
3. Navigate on the left menu to Certificates->Personal->Certificates
4. From the right pane, right-click on <yourserver>.remotewebaccess.com, then "All tasks...", then "Export"
5. Click "Next", Choose "Yes, export the private key", choose "PKCS #12" format, click "Next", choose a password (e.g. "subsonic")
6. Save the file somewhere (e.g. C:\Subsonic\subsonic.pfx)
7. Follow the steps outlined in the original post starting from #3, using the recently exported certificate as the source store.

Assuming Subsonic is listening on port 4443 (SSL) and you've properly configured your router for remote web access to work, you can now access Subsonic via https://<yourserver>.remotewebaccess.com:4443 without any certificate complaints from the browser.

Re: Startssl.com Cert and Windows.

Posted: Thu Nov 19, 2015 11:07 am
by zeroth
After several years of the certificate warning I decided to do this. I have the cert ready and I purchased from namescheap. However, they are asking me to stick a txt file in the web root. Is this just c:/Subsonic ? I have to have txt file in so they can verify me. I've stuck that txt file in quite a few locations and I'm not able to access from a browser yet.

Re: Startssl.com Cert and Windows.

Posted: Fri Nov 20, 2015 9:07 pm
by Gill
zeroth wrote: After several years of the certificate warning I decided to do this. I have the cert ready and I purchased from namescheap. However, they are asking me to stick a txt file in the web root. Is this just c:/Subsonic ? I have to have txt file in so they can verify me. I've stuck that txt file in quite a few locations and I'm not able to access from a browser yet.


Hi.
The reason they ask you to put a txt file in the web root is probably to verify you are the owner of the domain. Do they not have any other way to verify your ownership? Usually they can do this with email to admin@yourhostname.xxx or something similar.
If you must put a txt file in your web root I guess the easiest way is to start an IIS and let them verify it that way. Talk with their support to see if they have any alternatives.

Good Luck!

/Johan Gill
https://subsonic.gill.nu