I have been using Subsonic for a couple of years now, and after getting sick of the SSL warnings you receive due to the default self-signed certificate, I decided to purchase a third-party cert from a trusted CA.
The installation wasn’t well documented at all (for Linux anyway), so hopefully this will help anyone who is looking to do the installation themselves. In my setup I am running Ubuntu 12.04 LTS, but this should be adaptable for any Linux install with OpenSSL and ZIP installed.
NOTE: During these instructions you will be modifying a file that Subsonic requires to start. If something goes wrong you will need to re-install Subsonic, so it is a good idea to back up the file you are modifying first:
sudo cp /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar /home//
- Purchase a certificate from a third-party CA. NameCheap.com offers $9 Comodo certificates here. Choose Apache/OpenSSL as your server type during the order.
- Generate a CSR during your order using the following command. Make sure you enter all the required information when prompted (country code, state/province, city, organization name, etc.). When prompted for the Common Name, make sure you enter the URL that you use to access your Subsonic server.
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
- Open the server.csr file in your favorite text editor, copy the contents, and paste them into the cert order form.
- Once the order is finished you will need to wait some time for the CA to accept the request. Check your email and follow the instructions they send you.
- Once you receive your certificate you will need to combine the private key, server cert, and intermediate certs into one file. Simply open all three in a text editor and copy/paste everything into a new text file without any blank lines. I added mine in the following order:
  - Private Key (myserver.key)
  - Server Certificate
  - Intermediate Certificate
- Save this text file as subsonic.crt
- Next, convert the cert from PEM to PKCS12 format using the following command.
openssl pkcs12 -in subsonic.crt -export -out subsonic.pkcs12
- Now that the cert has been converted into the proper format you can create the new Java keystore:
keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -srcstoretype PKCS12 -srcalias 1 -destalias tomcat
NOTE: If you run into issues with this step, please see Ethan’s post in the comments.
- Import the keystore into subsonic-booter-jar-with-dependencies.jar:
zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore
- Lastly, restart the Subsonic service to load the new certificate:
sudo service subsonic restart
Once you browse to your Subsonic site you shouldn’t get the certificate warning anymore. Please leave a comment with any questions; hopefully this helps!
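A pre-flight check to run before the PEM-to-PKCS12 conversion step, confirming that the certificate the CA sent was issued for myserver.key and that subsonic.crt follows the key, server cert, intermediate order used above. This is an added example, not part of the original post; the function names are hypothetical, and the server certificate file name is whatever your CA sent.

```bash
#!/bin/sh
# Added example: pre-flight checks on the PEM files before the PKCS12 step.
# Function names are hypothetical; file names follow the post
# (myserver.key, subsonic.crt) plus whatever name your CA gave the server cert.

# SHA-256 of the public key that belongs to a private key file.
pub_digest_from_key() {
    _pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$_pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key inside the first certificate found in a file.
pub_digest_from_cert() {
    _pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$_pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# 0 = certificate was issued for this key, 1 = mismatch, 2 = unreadable input.
key_matches_cert() {
    _k=$(pub_digest_from_key "$1") || return 2
    _c=$(pub_digest_from_cert "$2") || return 2
    [ "$_k" = "$_c" ]
}

# usage: preflight KEY SERVER_CERT BUNDLE
preflight() {
    # -nodes left the private key unencrypted, and the bundle contains a copy.
    chmod 600 "$1" "$3" || return 1
    key_matches_cert "$1" "$2" || {
        echo "FAIL: $2 does not match $1 (wrong file pasted as server cert?)" >&2
        return 1
    }
    # Checking the bundle against itself confirms it holds the key and that the
    # first certificate after it is the server cert, not the intermediate.
    key_matches_cert "$3" "$3" || {
        echo "FAIL: $3 is not in the order key, server cert, intermediate" >&2
        return 1
    }
    echo "OK: key, server certificate and bundle agree"
}

# Run the checks when called with three file arguments.
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

Saved under a name of your choice and run with the key, the server certificate and subsonic.crt as its three arguments, it exits non-zero on the first failed check, so a mismatch is caught before the keystore is built and zipped into the jar.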