> El vie, 25-08-2017 a las 16:49 +0000, Speagle, Andy escribió: > > Hi Folks, > > > > I’m having a problem getting a the SSL cert file formatted just like > > icecast wants… I’m running 2.4.2 … and it doesn’t seem to want to use > > my combined key + cert chain no matter in what order I put it. > > Presently, I have it in this format.. with spaces between each > > key/cert… > > > > KEY > > > > CERTCHAIN-1 > > > > CERTCHAIN-2 > > > > CERTCHAIN-3 > > > > MYCERT > > > > And… well… not sure what else to do here. I have the file owned by > > icecast:icecast … and … it should be readable in its present location… > > so, not sure what else would be wrong. > > > Firtsly, what operative system are you running ?. On Debian GNU/Linux user > icecast2 and group icecast, then icecast2:icecast.I'm on RHEL 7, so the user/group is icecast:icecast ...> Secondly, check the Icecast2's error.log looking about SSL or TLS capability. > On Debian GNU/Linux /var/log/icecast2/error.log.From the log, I get a simple: WARN connection/get_ssl_certificate Invalid cert file <my cert filepath> INFO connection/get_ssl_certificate No SSL capability on any configured ports So... not sure what else I can do here... using simple openssl verify commands I can see that the cert chain is valid... Thanks!
"Speagle, Andy" <andy.speagle at wichita.edu>Hi Andy, El lun, 28-08-2017 a las 13:46 +0000, Speagle, Andy escribió:> > El vie, 25-08-2017 a las 16:49 +0000, Speagle, Andy escribió: > > > Hi Folks, > > > > > > I’m having a problem getting a the SSL cert file formatted just > > > like > > > icecast wants… I’m running 2.4.2 … and it doesn’t seem to want to > > > use > > > my combined key + cert chain no matter in what order I put it. > > > Presently, I have it in this format.. with spaces between each > > > key/cert… > > > > > > KEY > > > > > > CERTCHAIN-1 > > > > > > CERTCHAIN-2 > > > > > > CERTCHAIN-3 > > > > > > MYCERT > > > > > > And… well… not sure what else to do here. I have the file owned > > > by > > > icecast:icecast … and … it should be readable in its present > > > location… > > > so, not sure what else would be wrong. > > > > > > > Firtsly, what operative system are you running ?. On Debian > > GNU/Linux user > > icecast2 and group icecast, then icecast2:icecast. > > I'm on RHEL 7, so the user/group is icecast:icecast ... > > > Secondly, check the Icecast2's error.log looking about SSL or TLS > > capability. > > On Debian GNU/Linux /var/log/icecast2/error.log. > > From the log, I get a simple: > > WARN connection/get_ssl_certificate Invalid cert file <my cert > filepath> > INFO connection/get_ssl_certificate No SSL capability on any > configured ports >Make sure you have set up Icecast correctly: <listen-socket> <port>8443</port> <ssl>1</ssl> </listen-socket> ... <paths> ... <ssl-certificate>/usr/share/icecast2/icecast.pem</ssl- certificate> </paths> Also, there is the possibility that Icecast2 package does not support encrypted connections via openssl. In my case I saw something similar to this: [2017-08-08 03:05:34] INFO connection/get_ssl_certificate No SSL capability Then, like solution I should have compiled Icecast with openssl support enabled. Regards. José Luis> So... not sure what else I can do here... using simple openssl verify > commands I can see that the cert chain is valid... > > Thanks! > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast
> > > > Hi Folks, > > > > > > > > I’m having a problem getting a the SSL cert file formatted just > > > > like icecast wants… I’m running 2.4.2 … and it doesn’t seem to > > > > want to use my combined key + cert chain no matter in what order I > > > > put it. > > > > Presently, I have it in this format.. with spaces between each > > > > key/cert… > > > > > > > > KEY > > > > > > > > CERTCHAIN-1 > > > > > > > > CERTCHAIN-2 > > > > > > > > CERTCHAIN-3 > > > > > > > > MYCERT > > > > > > > > And… well… not sure what else to do here. I have the file owned > > > > by icecast:icecast … and … it should be readable in its present > > > > location… so, not sure what else would be wrong. > > > > > > > > > > Firtsly, what operative system are you running ?. On Debian > > > GNU/Linux user > > > icecast2 and group icecast, then icecast2:icecast. > > > > I'm on RHEL 7, so the user/group is icecast:icecast ... > > > > > Secondly, check the Icecast2's error.log looking about SSL or TLS > > > capability. > > > On Debian GNU/Linux /var/log/icecast2/error.log. > > > > From the log, I get a simple: > > > > WARN connection/get_ssl_certificate Invalid cert file <my cert > > filepath> > > INFO connection/get_ssl_certificate No SSL capability on any > > configured ports > > > Make sure you have set up Icecast correctly: > > <listen-socket> > <port>8443</port> > <ssl>1</ssl> > </listen-socket>Yeah... it's setup properly...> <paths> > ... > <ssl-certificate>/usr/share/icecast2/icecast.pem</ssl- > certificate> > </paths>Yes... correct for me.> Also, there is the possibility that Icecast2 package does not support > encrypted connections via openssl. > In my case I saw something similar to this: > [2017-08-08 03:05:34] INFO connection/get_ssl_certificate No SSL capability > Then, like solution I should have compiled Icecast with openssl support > enabled.Well... I believe it to be setup correctly... the RPM has a libssl requirement... and the fact that it tries to check the SSL cert file indicates that it has capability...