Centova Technologies Forum

Centova Cast v2 => Technical discussion => Topic started by: dgarlock on July 08, 2020, 10:11:17 am

Title: Securing Icecast Stream with SSL
Post by: dgarlock on July 08, 2020, 10:11:17 am

Greetings:
I am in the process of switching my stations from ShoutcastV2 to Icecast2 so that I may use SSL.  I was able to install a cert from Let's Encrypt for the Centova site, and I can access the control panel with https://.  I added a listener to the server.conf as follows:
<listen-socket>
    <port>8006</port>
    <ssl>1</ssl>
  </listen-socket>
and added the path to the SSL for Centova like this:
<ssl-certificate>/usr/local/centovacast/etc/ssl/certificate.pem</ssl-certificate>
I left these lines as they were:
 <!-- You can use these two if you only want a single listener -->
     <port>8006</port>
  <bind-address>IP_address</bind-address>
I restarted the server and attempted to access the stream at https://example.com:PORT/stream.  I get a server disconnect error message.  I can access the stream at http:// -- The .pem file appears to have the cert, followed by the key.  Any ideas?  Thanks!

Title: Re: Securing Icecast Stream with SSL
Post by: oflorian on December 05, 2020, 08:56:37 am

I had the same problem.

1. the certificate file in the icecast configuration needs to contain both the certificate and the key,
or if you use letsencrypt you need to create a file containing the fullchain and the private key

2. on Debian 10 it only works with the package from Xiph org itself. neither the std-debain package nor the compiled one has ssl-support