Subsonic Forum

[seanpkeown]

By default subsonic 4.4.beta1 comes with SSL built in but it looks as if everyone has the same encryption key. << I could be wrong about this.

1st.)
To change this key first stop the subsonic service then browse to.
C:\Program Files\Subsonic << for a 32bit system
or
C:\Program Files (x86)\Subsonic << for a 64bit system

2nd.)
Next drag subsonic-booter-jar-with-dependencies.jar to your desktop since some windows vista and 7 systems block this file from being edited from the C:\Program Files folder for security reasons.

3rd.)
Then from the desktop open the subsonic-booter-jar-with-dependencies.jar file with winwar or 7zip. You should now see a file called subsonic.keystore. Drag that file somewhere to back it up in case you have any problems.


4th.)
Next open command prompt and paste the following code to start creating a new encryption key making sure that you change the fields in red.

>>"C:\Program Files\Java\jre6\bin\keytool" -genkey -alias tomcat -keyalg RSA -dname "CN=domainname, OU=Subsonic, O=Loving Music Inc, L=City, S=State, C=US" -validity 3650 -keystore %USERPROFILE%\Desktop\subsonic.keystore -storepass subsonic -keypass subsonic<< Code is in between the arrows.

Code Meaning
CN=commonName "Domain Name"
OU=organizationUnit "Department or Division"
O=organizationName "Company Inc"
L=localityName "City Name"
S=stateName "State Name"
C=country "Country Code i.e US"

5th.) There should be a file called subsonic.keystore on your desktop now. With winrar or 7zip still open drag the file into the archive subsonic-booter-jar-with-dependencies.jar overwritting the old subsonic.keystore.

6th.) Then drag subsonic-booter-jar-with-dependencies.jar back to

C:\Program Files\Subsonic << for a 32bit system
or
C:\Program Files (x86)\Subsonic << for a 64bit system

7th.) Then start the subsonic service backup.




Let me know if i made any mistakes and i'll update.

Thanks,
Sean K

[seedoubleyou]

worked all the way until it was time to re-add the file with 7-Zip and received a 'memory allocation error'

tried in different folders and NG.. don't want to install Winzip simply for this..

perhaps you want to generate a custom key for us?

[seanpkeown]

worked all the way until it was time to re-add the file with 7-Zip and received a 'memory allocation error'

tried in different folders and NG.. don't want to install Winzip simply for this..

perhaps you want to generate a custom key for us?

Hi seedoubleyou,
If i created a custom key for everyone then you would still have the same problem. It would be the same as if you changed the keys on your home but then shared them with everyone. Unless you were asking me to create you a custom key?

When you went to copy the new subsonic.keystore into the subsonic-booter-jar-with-dependencies.jar did you first stop the subsonic service and then copy subsonic-booter-jar-with-dependencies.jar to your desktop? - Just wondering?

[meanaverage]

Thanks for this. This was very useful! Your instructions worked perfectly.

[seedoubleyou]

sorry..i never followed up with my solution, which was to make sure you're running the latest version of 7zip to perform the file operations. Once I updated my 7-zip installation, everything went smoothly.

thanks for your help!

[hogfan]

Has anybody got this working with a real SSL certificate yet (not a self-signed)? I don't want to generate a new RSA key. I have been able to use keytool to export my free startssl.com certificate to a .keystore file, but whenever I put that in the .JAR file after renaming it to subsonic.keystore, subsonic is able to be started, but I'm no longer able to access the web interface. Does the -alias have to be "tomcat" of the keystore file? Thanks for any help.

-hogfan

[meanaverage]

Has anybody got this working with a real SSL certificate yet (not a self-signed)? I don't want to generate a new RSA key. I have been able to use keytool to export my free startssl.com certificate to a .keystore file, but whenever I put that in the .JAR file after renaming it to subsonic.keystore, subsonic is able to be started, but I'm no longer able to access the web interface. Does the -alias have to be "tomcat" of the keystore file? Thanks for any help.

-hogfan

Hogfan, keystores are accessed via a keystore alias. If you don't use the tomcat alias for your keystore then it won't work... unless you were to change the keystore alias in subsonic -- but I have no idea where that's located.

If you do change the keystore alias (keytool -alias tomcat), I'd be interested to know if your startssl.com cert does function or if it runs into any other issues.

[Linklater]

Got it working with a legit signed key.

If you have a pfx key, use pkcs12import to get it into the java keystore. Make sure the key password, keystore password, and key alias are all "subsonic" without the quotes.

http://download.oracle.com/docs/cd/E178 ... l#wp526882

[hogfan]

Ok, well this time I'm getting something different.........I did the following:

Code: Select all

sudo keytool -import -trustcacerts -alias tomcat -file /etc/ssl/certs/mycert.crt -keystore subsonic.keystore -storepass subsonic -keypass subsonic


I put that in the .JAR and put it back in my "/usr/share/subsonic" folder and started the service back up. This time the page just keeps trying to load. Just spins and status bar says "Connected to mysite" Any suggestions? I notice the user who posted above said to use "subsonic" as the alias rather than Tomcat. Which alias should I be using for Subsonic 4.4? This is turning into a nightmare to get this working. I wanting to use a real SSL cert such a bad thing?

-hogfan

[hogfan]

Tried it again, this time using "subsonic" as the -alias when importing the key and still getting the same results.

-hogfan

[meanaverage]

Ok, well this time I'm getting something different.........I did the following:

Code: Select all

sudo keytool -import -trustcacerts -alias tomcat -file /etc/ssl/certs/mycert.crt -keystore subsonic.keystore -storepass subsonic -keypass subsonic


I put that in the .JAR and put it back in my "/usr/share/subsonic" folder and started the service back up. This time the page just keeps trying to load. Just spins and status bar says "Connected to mysite" Any suggestions? I notice the user who posted above said to use "subsonic" as the alias rather than Tomcat. Which alias should I be using for Subsonic 4.4? This is turning into a nightmare to get this working. I wanting to use a real SSL cert such a bad thing?

-hogfan

I'm not an expert on this, but since LinkLater had success, maybe try the following:

1. Convert your certificate to a PKCS12#12 format using: https://www.sslshopper.com/ssl-converter.html
2. Use PKCS12import per LinkLater's instructions.

[meanaverage]

Linklater and hogfan, which OS and version are you running this on?

[hogfan]

I'm running on Ubuntu 10.10 Server (Maverick). Subsonic version is 4.4 final.

-hogfan

[seanpkeown]

Give Portecle a try. Its a gui for the java keytool and might make it easier when creating and importing certificates.

http://portecle.sourceforge.net/


~ Sean K

[chemikalguy]

Does this work in 4.4, or does it have to be 4.4beta1? I'm trying it, but it doesn't seem to be working. I had some 7-zip errors like the previous posted, so I used WinRAR, which seemed to work. When I restarted and opened the web page, I got the same error, and it still listed the domain as *.subsonic.org. I have gotten my own StartSSL certificate, so I want to use that if I can.