On 08/03/2020 16:24, Gavin Stephens wrote:> Sorry for the late update. I didn't realise the replies came and went > off list regarding this. > > I had another suggestion made to me it could still be bad pem files > and to try converting them to pfx then back to pem files, which I did, > and fortunately this fixed it. > > The error message I was getting in the Icecast log was about no > compatible ssl port. I assumed this was something more complex than a > bad certificate since an error message to that effect would have been > easier to figure out. > > I took the certificate and private key .pem files, added them together > but it didn't work until the conversion to pfx and back.Interesting. Can you show us the difference in .pem files before and after conversion (without revealing your private key, of course)? Regards, - Jeroen -- Bankai Software bv Jeroen van Oosten Telefoon: 088-2344999 E-mail: jvoosten at bankai.nl KvK inschrijving: 67066267 PGP key: B2308F8E "If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." --Red Adair
>> The error message I was getting in the Icecast log was about no >> compatible ssl port. I assumed this was something more complex than a >> bad certificate since an error message to that effect would have been >> easier to figure out. >> >> I took the certificate and private key .pem files, added them together >> but it didn't work until the conversion to pfx and back. > Interesting. Can you show us the difference in .pem files before and > after conversion (without revealing your private key, of course)? > > Regards, > > - Jeroen >The only difference I can see, is that it has added the bag attributes, issuer, country etc... before the base64 begins in plain text. I'm wondering if it was in the way the ACME client made the .pem files. I used win-acme. Gavin.
AFIK, pem is simply 1. private key 2. (most specific) certificate 3. intermediate certificates, if any in this order. at least such a pem work for my icecast 2.4 w/o problems --u Gavin Stephens:> > > > The error message I was getting in the Icecast log was about no > > > compatible ssl port. I assumed this was something more complex than a > > > bad certificate since an error message to that effect would have been > > > easier to figure out. > > > > > > I took the certificate and private key .pem files, added them together > > > but it didn't work until the conversion to pfx and back. > > Interesting. Can you show us the difference in .pem files before and > > after conversion (without revealing your private key, of course)? > > > > Regards, > > > > - Jeroen > > > The only difference I can see, is that it has added the bag attributes, > issuer, country etc... before the base64 begins in plain text. I'm wondering > if it was in the way the ACME client made the .pem files. I used win-acme. > > Gavin. > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast