Johan, the Sonos information here is spot on. You are missing the
intermediate certs.
While your stream will work fine in common browsers where the certificates
are already available, they won't necessarily work in other places.
Once you concatenate the right certificates in, DigiCert has an online tool
you can use to check that you have it correct:
https://www.digicert.com/help/ If you were on port :443, you could also
use https://www.ssllabs.com/ssltest/.
*Brad Isbell // AudioPump, Inc.*
brad at audiopump.co
On Sun, Mar 5, 2023 at 2:58?AM Verten Radio <verten at xs4all.nl> wrote:
> My icecast https stream (https://vertenradio.com:8443/stream) does not
> work on a Sonos ONE player.
>
>
>
> It might have something to do with the ssl handshake.
>
>
>
> From the developer page from sonos i found this:
>
>
>
> Some common reasons for SSL handshake failures include:
>
> - *Expired certificate*: Every certificate has a validity window
> before it expires. You need to present Sonos with unexpired
certificates.
> - *DNS name mismatch*: Your certificate must match the DNS name used
> in the Sonos service catalog. If the URL in the Sonos service catalog is
> https://stremingservice.example.com/svc, then your certificate must
> have a subjectAltName or a Common Name matching
> streamingservice.example.com. Any mismatches will cause an outage. For
> example, this may occur if you introduce a Content Delivery Network
(CDN)
> into your setup as this may affect the DNS names and certificates
involved.
> - *Missing intermediate CA cert*: Most certificate authorities do not
> issue individual server certificates directly from their root CA
> certificate. They often use an intermediate CA certificate. Usually, the
> chain looks like this:
> *Root CA certificate -> Intermediate CA certificate -> Your
service?s
> SSL server certificate.*
> In these cases, you must configure your SSL server to send Sonos the
> intermediate CA certificate as well as your SSL server certificate.
Without
> this, Sonos will not be able to validate the full chain and the
validation
> may fail.
>
> I don?t thinks this is the case, but what could it be?
>
> Any answers?
>
> Glad to hear it,
>
> Regards,
>
>
>
> Johan
>
>
>
>
>
>
>
>
>
> Verzonden vanuit Mail
<https://go.microsoft.com/fwlink/?LinkId=550986>
> voor Windows
>
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20230305/1eb45bfd/attachment.htm>