
I am trying to add SSL to my Icecast2 but I always get the following error:
connection/get_ssl_certificate No SSL capability

This is the installed version:

icecast2:
Installed: 2.4.4-1
Candidate: 2.4.4-1
Version table:
 2.4.4-3~bpo10+1 100
    100 http://deb.debian.org/debian buster-backports/main amd64 Packages
*** 2.4.4-1 500
    500 http://deb.debian.org/debian buster/main amd64 Packages
    100 /var/lib/dpkg/status
 2.4.4-1 500
    500 http://download.opensuse.org/repositories/multimedia:/xiph/Debian_10 ./ Packages

Can someone help me?

Thanks in advance!

2 Answers


  1. Chosen as BEST ANSWER

    The problem was that Debian always took the official repo instead of the XIPH repo (which supports SSL) - It was solved by changing the position of the XIPH repo over the official repo in the sources.list!


  2. This worked for me, and now I’m streaming with HTTPS:

    First: You need to know if your Icecast was compiled with SSL:

    $ ldd /usr/bin/icecast | grep -i ssl
    

    You have Icecast with SSL if it returns something like this:

    libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f9f693ad000)
    

    If not, uninstall Icecast, install all of these dependencies first, then install Icecast again:

    libxml2
    libxml2-devel
    libxslt
    libxslt-devel
    curl Version >= 7.10
    libcurl
    libcurl-devel
    libogg/libvorbis Version >= 1.0
    libvorbis-devel
    libogg-devel
    OpenSSL
    libtheora
    libtheora-devel
    speex
    speex-devel
    mod_ssl
    

    Second: (only for testing purposes, the right way is to have a cert from a Certificate Authority) Generate a self-signed certificate with OpenSSL:

    $ sudo mkdir -p /etc/ssl/private
    $ cd /etc/ssl/private
    $ sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout localdomain.key -out localdomain.crt
    

    Third: Put your certificate and private key in a single file, as Icecast requires everything in one file:

    $ sudo sh -c 'cat localdomain.crt localdomain.key > localdomain_pairkeys.pem'
    

    Fourth: Change the owner of this file to icecast (confirm the icecast user in your /etc/passwd):

    $ sudo chown icecast:icecast localdomain_pairkeys.pem
    

    Fifth: Paste these lines in your /etc/icecast.xml

    <listen-socket>
        <port>443</port>
        <ssl>1</ssl>
        <bind-address>YOUR IP ADDRESS</bind-address>
    </listen-socket>
    

    Inside "paths" closure:

    <ssl-certificate>/etc/ssl/private/localdomain_pairkeys.pem</ssl-certificate>
    <ssl-allowed-ciphers>ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS</ssl-allowed-ciphers>
    

    Finally: Start the service (this is how I start it in Fedora, so it can listen on port 443; I don’t know why, but with "systemctl start icecast" it listens only on port 8000):

    $ sudo icecast -c /etc/icecast.xml
    

    That’s it, I hope it is useful!

    These pages have helped me too:
    https://www.icecast.org/docs/icecast-trunk/config_file/
    Why Icecast2 does not want to give the stream through https?
    Icecast 2 and SSL

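A preflight check for the setup described in the second answer, as an added example that is not part of the original posts: it parses icecast.xml, confirms an SSL listen-socket and a certificate entry inside `<paths>`, and verifies that the combined PEM holds both blocks and is not readable beyond its owner. The function names and the constructed sample files are assumptions made for illustration.

```python
import os, re, stat, tempfile
import xml.etree.ElementTree as ET

def check_icecast_tls(config_path):
    """Return a list of problems; an empty list means the preflight passed."""
    root = ET.parse(config_path).getroot()
    problems = []
    # At least one <listen-socket> must carry <ssl>1</ssl>.
    if not any((s.findtext("ssl") or "").strip() == "1"
               for s in root.iter("listen-socket")):
        problems.append("no <listen-socket> has <ssl>1</ssl>")
    # The certificate path is read from <paths>/<ssl-certificate>.
    bundle = (root.findtext("paths/ssl-certificate") or "").strip()
    if not bundle:
        return problems + ["<ssl-certificate> missing from <paths>"]
    if not os.path.isfile(bundle):
        return problems + [f"{bundle}: file not found"]
    with open(bundle, errors="replace") as fh:
        pem = fh.read()
    # Certificate and key must both be present in the one file.
    if "-----BEGIN CERTIFICATE-----" not in pem:
        problems.append(f"{bundle}: no certificate block")
    if not re.search(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----", pem):
        problems.append(f"{bundle}: no private key block")
    # A file created by shell redirection gets umask-derived permissions
    # (commonly 0644), so any group/other bit on the key bundle is flagged.
    mode = stat.S_IMODE(os.stat(bundle).st_mode)
    if mode & 0o077:
        problems.append(f"{bundle}: mode {mode:04o} grants group/other access")
    return problems

def demo(bundle_mode=0o644):
    """Run the check on constructed files (placeholder PEM markers, no real key)."""
    tmp = tempfile.mkdtemp()
    bundle = os.path.join(tmp, "localdomain_pairkeys.pem")
    with open(bundle, "w") as fh:
        fh.write("-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
                 "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n")
    os.chmod(bundle, bundle_mode)
    conf = os.path.join(tmp, "icecast.xml")
    with open(conf, "w") as fh:
        fh.write("<icecast><listen-socket><port>443</port><ssl>1</ssl></listen-socket>"
                 f"<paths><ssl-certificate>{bundle}</ssl-certificate></paths></icecast>")
    return check_icecast_tls(conf)

if __name__ == "__main__":
    for problem in demo():
        print("FAIL:", problem)
```

On a real host, call `check_icecast_tls("/etc/icecast.xml")` as a user that can read the bundle. Running `chmod 600` on the bundle clears the mode finding.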