Complete guide to setting up a Free SSL Certificate from CA
Posted: Tue Jul 31, 2012 9:14 pm
To start off I purchased a domain name for my subsonic server. I chose 1&1 because I already had a hosting package with them. I then set the A-Name record to my IP address where I run my subsonic server. When running in SSL this causes the nasty nag screen saying that it is a self-signed certificate...bla bla bla... And if you're anything like me this bothers you. Here is your solution!
Requirements
-Subsonic Server (up and running on default self signed SSL cert) (The fact it is running on the self signed cert first will help eliminate any port forwarding/networking issues that may cause problems down the road)
-Domain Name Purchased and pointing to your subsonic server. (probably best to make sure you can access your server this way before proceeding, too, just to eliminate it from any problem solving later)
-Root access (on Linux, the system used to create this guide, I was told that you can run all commands with sudo and then chown everything to root, but I found performing the whole task as root was easier)
How to obtain and install a free SSL Certificate from a CA
**All operations in this guide are done using the root account (or running sudo and later chowning everything to root)**
1. Register on startssl.com.
-I used class 1, it is free and works for this job
2. Validate your domain name. (very fast and easy)
3. Generate a certificate with the "Certificate Wizard". (you could also generate a certificate request and submit that and get a certificate too, just did it this way for simplicity)
-Enter a password and pick encryption level (remember your password)
-Enter domain name "domain.com" (no www.)
-For subdomain enter "www" (This will allow your certificate to be used for "domain.com" & "www.domain.com")
4. Save your key in a text file and save as ssl.key.
-make sure there is a blank line after the "-----END RSA PRIVATE KEY-----" line
-I created a folder in /home/username/subsonic/ssl-cert to save this and any other files we will need for this.
-Then I CD to the new directory.
cd /home/username/subsonic/ssl-cert/
5. While waiting for your certificate to get approved get the root and intermediate certificates.
Root
wget https://www.startssl.com/certs/ca.pem
Intermediate
wget https://www.startssl.com/certs/sub.class1.server.ca.pem
6. Get your nice shiny new certificate from your StartSSL toolbox. (Should be ready by now pending any issues)
-click toolbox on the left side of startssl.com > Retrieve Certificate > Pick from drop-down & click Continue.
7. Copy your entire certificate and save it in a text file named "www.domain.com.signed.crt"
-make sure there is a blank line after the "-----END CERTIFICATE-----" line
-you can replace domain with your domain name
8. Concatenate all three files into a cert-chain. (this order is very important)
cat www.domain.com.signed.crt sub.class1.server.ca.pem ca.pem > cert-chain.txt
9. Pack all certs into a PKCS12 file
openssl pkcs12 -export -inkey ssl.key -in cert-chain.txt -out cert-chain.pkcs12
-It will ask for the passphrase for ssl.key. It is the password you set when creating the .key earlier.
-It will then ask you for an export password (use "subsonic", no quotes)
10. Pack your pkcs12 file containing your certchain and key into a java keystore file
keytool -importkeystore -srckeystore cert-chain.pkcs12 -srcstoretype PKCS12 -destkeystore subsonic.keystore
11. Locate your "subsonic-booter-jar-with-dependencies.jar" file
-on Ubuntu: /usr/share/subsonic/
-on Windows 32bit: C:\Program Files\Subsonic (May need to move to desktop to edit on some versions of Windows)
-on Windows 64bit: C:\Program Files (x86)\Subsonic (May need to move to desktop to edit on some versions of Windows)
12. Open your "subsonic-booter-jar-with-dependencies.jar" with 7-zip or a similar program
13. Copy the file "subsonic.keystore" to a safe location so that it can be put back in case something goes wrong.
-In Windows you may need to rename the file "META-INF/LICENSE.txt" to "LICENSE2.txt" before you can proceed to the next step, because Windows doesn't count capitalization and believes there are 2 files with the same name in the directory. I'm not sure if you need to, but I always renamed it back the way it was after adding my new "subsonic.keystore" file back in
14. Replace the existing "subsonic.keystore" with the new one you should have made earlier in step 10
15. Put the edited "subsonic-booter-jar-with-dependencies.jar" back into the directory you got it from.
16. Restart Subsonic
sudo service subsonic restart
17. Enjoy!
I would like to thank seanpkeown & spookybathtub for their posts on SSL Certificates! & I would like to thank StartSSL.com for their wonderful services
Links
seanpkeown's post
spookybathtub's post
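
Added example (not part of the original post): two checks that can be run after step 8 and before step 9, using the guide's file names. `key_matches_cert` confirms that ssl.key belongs to the signed certificate, and `chain_in_order` confirms the leaf, intermediate, root order from step 8 by comparing issuer and subject names only (it does not verify signatures). The function names and the throwaway demo certificates are constructed for this example.

```sh
#!/bin/sh
# Added example: checks to run between steps 8 and 9. File names follow the
# guide; the function names are invented for this example.

# 0 if the private key and the certificate carry the same public key.
key_matches_cert() (                 # key_matches_cert ssl.key leaf.crt
  k=$(openssl pkey -in "$1" -pubout) || exit 2
  c=$(openssl x509 -in "$2" -noout -pubkey) || exit 2
  [ "$k" = "$c" ]
)

# 0 if every certificate in the bundle names the next one as its issuer and
# the last one is self-issued (leaf, intermediate, root). Names only.
chain_in_order() (                   # chain_in_order cert-chain.txt
  dir=$(mktemp -d) || exit 2
  trap 'rm -rf "$dir"' EXIT
  # Split the bundle into 1.pem, 2.pem, ... in the order the file lists them.
  awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
                   n { print > (d "/" n ".pem") }' "$1"
  n=$(find "$dir" -name '*.pem' | wc -l)
  [ "$n" -ge 2 ] || exit 1
  i=1
  while [ "$i" -le "$n" ]; do
    next=$((i + 1))
    if [ "$i" -eq "$n" ]; then next=$i; fi   # the root must name itself
    iss=$(openssl x509 -in "$dir/$i.pem" -noout -issuer_hash) || exit 1
    subj=$(openssl x509 -in "$dir/$next.pem" -noout -subject_hash) || exit 1
    [ "$iss" = "$subj" ] || exit 1
    i=$((i + 1))
  done
)

# Constructed sample input: a throwaway root, intermediate and leaf in "$1".
demo_issue() {  # demo_issue <dir> <CN> <issuer basename> <key out> <cert out>
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" -keyout "$1/$4" 2>/dev/null |
    openssl x509 -req -CA "$1/$3.pem" -CAkey "$1/$3.key" -set_serial 1 -days 2 \
      -out "$1/$5" 2>/dev/null
}
make_demo_files() {
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo Root" -days 2 \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  demo_issue "$1" "Demo Intermediate" ca sub.class1.server.ca.key sub.class1.server.ca.pem &&
  demo_issue "$1" www.domain.com sub.class1.server.ca ssl.key www.domain.com.signed.crt
}

# Usage in the ssl-cert directory after step 8:
#   key_matches_cert ssl.key www.domain.com.signed.crt && chain_in_order cert-chain.txt
```

A certificate file saved without a final newline fuses its END line with the next BEGIN line when the files are concatenated; `chain_in_order` fails on such a bundle as well as on one in the wrong order.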