I have been using Subsonic for a couple of years now and, after getting sick of the SSL warnings you receive due to the default self-signed certificate, I decided to purchase a third-party cert from a trusted CA.
The installation wasn’t well documented at all (for Linux anyways), so hopefully this will help anyone that is looking to do the installation themselves. In my setup I am running Ubuntu 12.04 LTS, but this should be adaptable for any Linux install with OpenSSL and ZIP installed.
NOTE: During these instructions you will be modifying a file that Subsonic requires to start. If something goes wrong you will need to re-install Subsonic, so it would be a good idea to back up the file you are modifying first:
sudo cp /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar /home//
- Purchase a certificate from a third-party CA. NameCheap.com offers $9 Comodo certificates here. Choose Apache/OpenSSL as your server type during the order.
Generate a CSR during your order using the following command. Make sure you enter in all the required information when prompted (Country code, State/Province, City, Organization Name… etc). When prompted for Common name make sure you enter in the URL that you use to access your Subsonic server.
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
Open the server.csr file using your favorite text editor, copy the contents, and paste them into the cert order form.
Once the order is finished you will need to wait some time for the CA to accept the request. Check your email and follow the instructions they send you.
Once you receive your certificate you will need to combine the private key, server cert, and intermediate certs into one file. Simply open all three in a text editor and copy/paste everything into a new text file without any blank lines. I added mine in the following order:
- Private Key (myserver.key)
- Server Certificate
- Intermediate Certificate
Save this text file as subsonic.crt
Next, convert the cert from PEM to PKCS12 format using the following command.
openssl pkcs12 -in subsonic.crt -export -out subsonic.pkcs12
Now that the cert has been converted into the proper format you can create the new Java keystore:
keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -srcstoretype PKCS12 -srcalias 1 -destalias tomcat
NOTE: If you run into issues with this step, please see Ethan’s post in the comments.
Import the keystore into subsonic-booter-jar-with-dependencies.jar:
zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore
Lastly, restart the Subsonic service to load the new certificate:
sudo service subsonic restart
Once you browse to your Subsonic site you shouldn’t get the certificate warning anymore. Please leave a comment with any questions; hopefully this helps!
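A pre-flight check for the combined subsonic.crt, meant to be run before the PKCS12 conversion step above. This is an added example, not part of the original post: it checks the file layout described there and confirms that the private key pairs with the server certificate. The function names and the script name are hypothetical.

```bash
#!/bin/sh
# Added example: pre-flight checks for the combined PEM file (subsonic.crt in
# the post) before converting it to PKCS12. Function names are hypothetical.

# Check the layout the post describes: private key first, then the server
# certificate and at least one intermediate, with no blank lines.
check_bundle_layout() {
  awk '
    { sub(/\r$/, "") }                      # tolerate CRLF files from a CA e-mail
    /^[ \t]*$/ { print "blank line at line " NR; bad = 1 }
    /^-----BEGIN .*-----$/ {
      n++
      if (n == 1 && $0 !~ /PRIVATE KEY-----$/) { print "block 1 is not a private key"; bad = 1 }
      if (n > 1 && $0 != "-----BEGIN CERTIFICATE-----") { print "block " n " is not a certificate"; bad = 1 }
    }
    END {
      if (n < 3) { print "expected key + server cert + intermediate, found " (n + 0) " block(s)"; bad = 1 }
      exit bad + 0
    }
  ' "$1" >&2
}

# Succeed only if the first certificate in the bundle carries the public key
# that belongs to the private key in the same file. Returns 2 if either
# cannot be parsed, 1 on a mismatch.
key_matches_cert() {
  kmc_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  kmc_crt=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_crt" ]
}

# Run as: sh check_bundle.sh subsonic.crt   (script name is an assumption)
if [ -n "${1:-}" ]; then
  check_bundle_layout "$1" && key_matches_cert "$1" \
    && echo "OK: $1 has the expected layout and the key pairs with the certificate"
fi
```

A mismatch here usually means the CSR was regenerated after the order was placed, so the issued certificate belongs to a different key than the one in the file.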