Debian Question posted in
The oficial documentation can be found here.

Icecast2 – No SSL capability – Debian

I am trying to add SSL to my Icecast2 but I always get the following error:
connection/get_ssl_certificate No SSL capability

This is the installed version:

icecast2:
Installed: 2.4.4-1
Candidate: 2.4.4-1
Version table:
 2.4.4-3~bpo10+1 100
    100 http://deb.debian.org/debian buster-backports/main amd64 Packages
*** 2.4.4-1 500
    500 http://deb.debian.org/debian buster/main amd64 Packages
    100 /var/lib/dpkg/status
 2.4.4-1 500
    500 http://download.opensuse.org/repositories/multimedia:/xiph/Debian_10 ./ Packages

Can someone help me?

Thanks in advance!

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    The problem was that Debian alway took the official repo instead of the XIPH repo (which supports SSL) - It was solved by changing the position of the XIPH repo over the official repo in the sources.list!


  2. 0

    This worked for me, and now I’m streaming with HTTPS:

    First: You need to know if your Icecast was compiled with SSL:

    $ ldd /usr/bin/icecast | grep -i ssl

    You have Icecast with SSL if it returns something like this:

    libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f9f693ad000)

    If not, uninstall icecast and install first of all these dependencies, then install icecast again:

    libxml2
libxml2-devel
libxslt
libxslt-devel
curl Version >= 7.10
libcurl
libcurl-devel
libogg/libvorbis Version >= 1.0
libvorbis-devel
libogg-devel
OpenSSL
libtheora
libtheora-devel
speex
speex-devel
mod_ssl

    Second: (only for testing purposes, the right way is to have a cert from a Certificate Authority) Generate a self-signed certificate with openSSL:

    $ sudo mkdir -p /etc/ssl/private
$ cd /etc/ssl/private
$ sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout localdomain.key -out localdomain.crt

    Third: Put your certificate and private key in a single file, as Icecast requires everything in one file:

    $ sudo cat localdomain.crt localdomain.key > localdomain_pairkeys.pem

    Fourth: Change the owner of this file to icecast (confirm the icecast user in your /etc/passwd):

    $ sudo chown icecast:icecast localdomain_pairkeys.pem

    Fifth: Paste these lines in your /etc/icecast.xml

    <listen-socket>
    <port>443</port>
    <ssl>1</ssl>
    <bind-address>YOUR IP ADDRESS</bind-address>
</listen-socket>

    Inside "paths" closure:

    <ssl-certificate>/etc/ssl/private/localdomain_pairkeys.pem</ssl-certificate>
    <ssl-allowed-ciphers>ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS</ssl-allowed-ciphers>

    Finally: Start the service (this is how I start it in Fedora, so it can listen in port 443, don’t know why but with "systemctl start icecast" it listens only in port 8000):

    $ sudo icecast -c /etc/icecast.xml

    That’s it, I hope it is useful!

    These pages have helped me too:
    https://www.icecast.org/docs/icecast-trunk/config_file/
    Why Icecast2 does not want to give the stream through https?
    Icecast 2 and SSL

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search