thr3ads.net - Icecast - [Icecast] SSL Setup [Aug 2017]

If this information is useful, please help other people find it:
Share via:
José Luis Artuch
2017-Aug-11 18:52 UTC
[Icecast] SSL Setup

Thanks bubba, but I am referring to the meaning of the line:
"... INFO connection/get_ssl_certificate No SSL capability"

El vie, 11-08-2017 a las 13:37 -0500, bubba watson
escribi?:> It is a server message indicator. It is used to distinguish server
> messages.
> 
> Sent from my iPhone
> 
> > On Aug 11, 2017, at 13:28, Jos? Luis Artuch <artuch at
speedy.com.ar>
> > wrote:
> > 
> > Hi !
> > Still fighting here :)
> > 
> > /var/log/icecast2/error.log
> > ...
> > [2017-08-08??03:05:34] INFO main/main Icecast 2.4.2 server started
> > [2017-08-08??03:05:34] INFO connection/get_ssl_certificate No SSL
> > capability ***
> > [2017-08-08??03:05:34] INFO yp/yp_update_thread YP update thread
> > started
> > ...
> > 
> > What exactly does *** mean ?.
> > 
> > Thanks !
> > Jos? Luis
> > 
> > > El vie, 21-07-2017 a las 19:44 +0200, Marvin Scholz escribi?:
> > > 
> > > > On 21 Jul 2017, at 19:27, Jos? Luis Artuch wrote:
> > > > 
> > > > > El vie, 21-07-2017 a las 19:07 +0200, Marvin Scholz
escribi?:
> > > > > 
> > > > > > On 21 Jul 2017, at 18:41, Jos? Luis Artuch wrote:
> > > > > > 
> > > > > > Hello !
> > > > > > 
> > > > > > > El lun, 10-07-2017 a las 09:31 +0000, Philipp
Schafft
> > > > > > > escribi?:
> > > > > > > Good morning,
> > > > > > > 
> > > > > > > 
> > > > > > > > On Mon, 2017-07-10 at 01:25 +0000,
ScanCaster wrote:
> > > > > > > > IceCast is one of the last services I
have that doesn't
> > > > > > > > connect
> > > > > > > > securely,?
> > > > > > > > and I am looking to close that hole....
> > > > > > > > [...]
> > > > > > > > OK... add a port for SSL for IceCast in
> > > > > > > > icecast.xml...path
> > > > > > > > for
> > > > > > > > cert
> > > > > > > > file?
> > > > > > > > in same.... no biggie
> > > > > > > 
> > > > > > > The <ssl-certificate> belongs in the
<paths> section of
> > > > > > > the
> > > > > > > config
> > > > > > > file.
> > > > > > > (I'm not sure what you mean with 'in
same', just wanted
> > > > > > > to
> > > > > > > make
> > > > > > > it
> > > > > > > clear.)
> > > > > > > 
> > > > > > > 
> > > > > > > > The key/cert needs to be in a dir and
file with
> > > > > > > > applicable
> > > > > > > > permissions?
> > > > > > > > for the IceCast user... no biggie..
> > > > > > > > 
> > > > > > > > chown
icecastusergroup:icecastusergroup??certfile
> > > > > > > 
> > > > > > > 
> > > > > > > > What I am looking to confirm is that the
cert file
> > > > > > > > needs to
> > > > > > > > contain:
> > > > > > > > 
> > > > > > > > -----BEGIN RSA PRIVATE KEY-----
> > > > > > > > MII
> > > > > > > > -----END RSA PRIVATE KEY-----
> > > > > > > > 
> > > > > > > > -----BEGIN CERTIFICATE-----
> > > > > > > > MI
> > > > > > > > -----END CERTIFICATE-----?
> > > > > > > > 
> > > > > > > > Where the Cert is the file/text Comodo
sends me, and
> > > > > > > > the
> > > > > > > > key is
> > > > > > > > the
> > > > > > > > one?
> > > > > > > > openssl spit out earlier,?
> > > > > > > > 
> > > > > > > > Combine them up in certfile, Correct?
Special order??
> > > > > > > > KEY
> > > > > > > > then
> > > > > > > > Cert, or v-
> > > > > > > > v? Line separating them?
> > > > > > > 
> > > > > > > The format is the OpenSSL format: key, blank
line, cert
> > > > > > > (chain).
> > > > > > > echo | cat key.pem - cert.pem > combo.pem
> > > > > > > 
> > > > > > > 
> > > > > > > > kill -HUP pidOfIcecast
> > > > > > > 
> > > > > > > As of Icecast2 2.4.x you need to restart
Icecast to
> > > > > > > reload
> > > > > > > the
> > > > > > > cert.
> > > > > > > There is however a fix in 2.5.x (development)
which is
> > > > > > > hopefully
> > > > > > > released with the next development update.
> > > > > > > 
> > > > > > > 
> > > > > > > > And good????
> > > > > > > > 
> > > > > > > > One thing can the web server spit out
just a text file
> > > > > > > > that
> > > > > > > > is
> > > > > > > > used
> > > > > > > > by?
> > > > > > > > Comodo to verify ownership of the
domain? The DNS
> > > > > > > > method
> > > > > > > > normally?
> > > > > > > > fails....
> > > > > > > 
> > > > > > > Sure. Just put it into the webroot
(<webroot> in
> > > > > > > <paths>).
> > > > > > > Icecast
> > > > > > > handles files in webroot according to your
operating
> > > > > > > system's
> > > > > > > mine-
> > > > > > > type
> > > > > > > table.
> > > > > > > 
> > > > > > 
> > > > > > On Debian 9, in the configuration file it says:
> > > > > > 
> > > > > >
<webroot>/usr/share/icecast2/web</webroot>
> > > > > >
<ssl-certificate>/usr/share/icecast2/icecast.pem</ssl-
> > > > > > certificate>
> > > > > > 
> > > > > > What should be the correct path of the icecast.pem
file ?.
> > > > > > Should it be /usr/share/icecast2/web/icecast.pem
?.
> > > > > 
> > > > > You certainly do not want to put your private key in
your
> > > > > public
> > > > > webroot...
> > > > > 
> > > > 
> > > > Thanks Marvin. Is ok into any other directory, for example
> > > > /etc/icecast2/ssl ?.
> > > 
> > > I think so, yes.
> > > 
> > > > > > 
> > > > > > Thanks.
> > > > > > > 
> > > > > > > > ie:
http://icecast.domain.invalid/somestringofletersnum
> > > > > > > > bers
> > > > > > > > .txt
> > > > > > > > That they?
> > > > > > > > request if its dumped in the webroot
stuff of Icecast?
> > > > > > > > With
> > > > > > > > out
> > > > > > > > any
> > > > > > > > XSLT?
> > > > > > > > markup?
> > > > > > > 
> > > > > > > Icecast only processes XSLT files as XSLT.
> > > > > > > 
> > > > > > > 
> > > > > > > > So if I added a listening port on 80 for
this, then
> > > > > > > > took it
> > > > > > > > away,?
> > > > > > > > since I don't use that for
Icecast... Icecast is on its
> > > > > > > > own
> > > > > > > > server
> > > > > > > > which?
> > > > > > > > does not have Apache... web stuff for
other things is
> > > > > > > > on
> > > > > > > > its
> > > > > > > > own
> > > > > > > > box. I?
> > > > > > > > never have used the Icecast to server up
anything other
> > > > > > > > than
> > > > > > > > the
> > > > > > > > default?
> > > > > > > > admin etc. stuff it does by default...
> > > > > > > 
> > > > > > > To avoid the need to run Icecast as
privileged user in
> > > > > > > oder
> > > > > > > to
> > > > > > > bind
> > > > > > > to
> > > > > > > low ports (if Comodo really insists in using
port 80) you
> > > > > > > can
> > > > > > > use
> > > > > > > your
> > > > > > > firewall to do a local redirect.
> > > > > > > 
> > > > > > > 
> > > > > > > Hope this is of help to you,
> > > > > > > 
> > > > > > > with best regards,
> > > > > > > 
> > > > > > > 
> > > > > > >
_______________________________________________
> > > > > > > Icecast mailing list
> > > > > > > Icecast at xiph.org
> > > > > > >
http://lists.xiph.org/mailman/listinfo/icecast
> > > > > > 
> > > > > > _______________________________________________
> > > > > > Icecast mailing list
> > > > > > Icecast at xiph.org
> > > > > > http://lists.xiph.org/mailman/listinfo/icecast
> > > > > 
> > > > > _______________________________________________
> > > > > Icecast mailing list
> > > > > Icecast at xiph.org
> > > > > http://lists.xiph.org/mailman/listinfo/icecast
> > > > 
> > > > _______________________________________________
> > > > Icecast mailing list
> > > > Icecast at xiph.org
> > > > http://lists.xiph.org/mailman/listinfo/icecast
> > > 
> > > _______________________________________________
> > > Icecast mailing list
> > > Icecast at xiph.org
> > > http://lists.xiph.org/mailman/listinfo/icecast
> > 
> > _______________________________________________
> > Icecast mailing list
> > Icecast at xiph.org
> > http://lists.xiph.org/mailman/listinfo/icecast
> 
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
Apparently Analagous Threads

Search for more reasonably related threads
Icecast - Aug 2017 - SSL Setup

[Icecast] SSL Setup

Apparently Analagous Threads

Wisdom of the Ancients
