Menu

#192 Upgrade to Subsonic 6.0 breaks Custom CA Certificate Capabilities.

6.0
closed
Sindre Mehus
None
2
2024-09-08
2016-05-02
Anonymous
No

Upgraded to subsonic 6.0 and now custom CA certificates aren't loading; default self-signed subsonic certificate loads instead.

Relevant system Info
root@roxie:/var/subsonic/certs/roxie.bordell.ad# cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04.5 LTS"
NAME="Ubuntu"
VERSION="12.04.5 LTS, Precise Pangolin"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu precise (12.04.5 LTS)"
VERSION_ID="12.04"

root@roxie:/var/subsonic/certs/roxie.bordell.ad# java -version
java version "1.7.0_95"
OpenJDK Runtime Environment (IcedTea 2.6.4) (7u95-2.6.4-0ubuntu0.12.04.2)
OpenJDK Server VM (build 24.95-b01, mixed mode)

root@roxie:/var/subsonic/certs/roxie.bordell.ad# dpkg -l |grep subsonic
ii subsonic 6.0 A web-based music streamer, jukebox and Podcast receiver

Properties are still specified in the appropriate location.
root@roxie:/var/subsonic# grep subsonic.ssl subsonic.properties
subsonic.ssl.keystore=/var/subsonic/certs/roxie.bordell.ad/subsonic.keystore
subsonic.ssl.password=subsonic

Permissions
-rw-r--r-- 1 root root 4328 Feb 26 21:54 subsonic.keystore

Parsed cert info:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: xx
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=xx, ST=xx, L=xx, O=xx, OU=xx, CN=xx
Validity
Not Before: Feb 27 04:03:16 2016 GMT
Not After : Feb 24 04:03:16 2026 GMT
Subject: C=xx, ST=xx, L=xx, O=xx, OU=xx, CN=xx
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
...
X509v3 extensions:
Netscape Cert Type:
SSL Server
Netscape Comment:
xx
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
20:DD:45:66:B7:5E:AA:8E:97:54:E6:35:A4:1E:32:E6:80:3A:EF:63
X509v3 Authority Key Identifier:
keyid:81:F9:FA:47:5C:46:D1:00:50:84:9F:1D:0A:DC:FD:B4:F3:13:2E:25
DirName:/C=xx/ST=xx/L=xx/O=xx/OU=xx/CN=xx
serial:xx

        X509v3 Extended Key Usage: 
            TLS Web Server Authentication
        X509v3 Key Usage: 
            Digital Signature, Key Encipherment
        X509v3 CRL Distribution Points:

            Full Name:
              URI:https:xx
          Signature Algorithm: sha256WithRSAEncryption

Troubleshooting
- I have been able to manually open the keystore via keytool. Still works with 'subsonic' password.
- This was working properly before the upgrade, no problem.
- Has there been any issues discovered with the 6.0 release specific of certain certificate criteria i.e. no support for 4096 RSA? SHA256 signatures? SSL ver 3?

Discussion

  • Sindre Mehus

    Sindre Mehus - 2016-05-03

    Can you please let me know the output from "ps -elf | grep java"

    Thanks

     

    • Anonymous

      Anonymous - 2024-05-09
      Post awaiting moderation.
  • Comment has been marked as spam. 
    Undo

    View and moderate all "bugs Discussion" comments posted by this user

    Mark all as spam, and block user from posting to "Bugs"

    Anonymous

    Anonymous - 2016-05-03

    root@roxie:~# ps -elf |grep java
    0 S root 6560 1 0 80 0 - 142525 futex_ 09:25 ? 00:00:14 java -Xmx150m -Dsubsonic.home=/var/subsonic -Dsubsonic.host=0.0.0.0 -Dsubsonic.port=0 -Dsubsonic.httpsPort=4443 -Dsubsonic.contextPath=/ -Dsubsonic.defaultMusicFolder=/mnt/tvault/Music -Dsubsonic.defaultPodcastFolder=/var/music/Podcast -Dsubsonic.defaultPlaylistFolder=/var/playlists -Djava.awt.headless=true -verbose:gc -jar subsonic-booter-jar-with-dependencies.jar

     
  • Comment has been marked as spam. 
    Undo

    View and moderate all "bugs Discussion" comments posted by this user

    Mark all as spam, and block user from posting to "Bugs"

    Anonymous

    Anonymous - 2016-05-04

    I was able to provide the fix. subsonic-booter-jar-with-dependencies.jar seems to have lost my subsonic.keystore. I had to re-add it back to the .jar via zip.

     

  • Sindre Mehus

    Sindre Mehus - 2016-11-29
    • status: open --> closed
     

Anonymous
Anonymous

Add attachments
Cancel