#1
[HOWTO] WHS homeserver.com Certificate in Jetty...and Others
If you use Windows Home Server, you can get a free “homeserver.com” domain and a free SSL certificate for that from GoDaddy. The nice thing about that certificate over a self-signed one is that it doesn’t give a certificate warning when going to whatever service you have locally, e.g. web or email service. Yes, you can install your certificate in your trusted store in most cases to get rid of the warnings, but having an “official” certificate is easier. This is especially true if you have something like a password-protected web site for family members to keep up on what the kids are doing and don’t believe in having anyone send passwords in the clear—hmmm, does Placeshifter do that???—and don’t want someone calling in a panic saying the site has been taken over because of this warning…really, it can happen!
Note that the Jetty Wiki has instructions for setting up SSL, but last I checked it was geared toward making a self-signed certificate. The point here is for those who have a certificate issued by an authority like GoDaddy trusted by default by most browsers, but are having troubles remembering how to get that trust relationship into other services.

So, here are some quick notes on how you can export the free GoDaddy certificate in WHS and convert it for use in several things (e.g. the Jetty web server for SageTV, Apache, postfix, etc.). I don't have to do it much, which is why I probably forget the process and have to search the Internet each time. Also, if you reinstall WHS from scratch and not, say, an image, it negotiates a new certificate so you can’t just use the old files. (Maybe you can—I don’t know if they put the old ones on a revocation list.) Note that I personally have a “homeserver.com” address as well as a personal “mydomain.org” one. I use the “mydomain.org” one for everything, but it gets translated to the “homeserver.com” one to make use of the GoDaddy-issued certificate.

One challenge is that you have to use the same common name (i.e. myserver.homeserver.com) for everything or else you’ll get certificate errors. The good news is you can use URL redirection and port redirection so easy-to-remember addresses like "http://tv.mydomain.org/" get rewritten to "https://myserver.homeserver.com:8443/apps" automatically. This is not true for things like IMAP clients, which have to use myserver.homeserver.com from the start (if you run your own mail server anyway). With port redirection on the firewall, a URL (or e.g. an IMAP email client) can reach a service on a totally different server! For example, I have a webmail service on a Linux machine. I can go to "http://mail.mydomain.org/" (where mail.mydomain.org is a CNAME to myserver.homeserver.com) and have it hit my WHS server. There it gets rewritten to "https://myserver.homeserver.com:9443/mail" and then the firewall redirects port 993 to an Apache server on the Linux machine with no certificate errors. Of course that only applies if you have your own domain name and control over the DNS records! If not, you may still use somewhat “easy” URLs like "http://myserver.homeserver.com/tv" to redirect, though.

I. Export the homeserver.com Certificate to a PFX (PKCS12) File

On the WHS server, do the following:
You will need OpenSSL and keytool. OpenSSL binaries for Windows x64 that work with WHS may be found here: http://www.openssl.org/related/binaries.html with prerequisite instructions. The keytool program is part of the Java install, which you should have if you’re running SageTV (e.g. C:\Program Files (x86)\Java\jreX\bin\keytool.exe where X is probably 6 or 7 today). You may put these in your path, or just type out the full name, e.g. C:\OpenSSL-Win64\bin\openssl. Enter the below to get CRT (same as PEM here) and KEY files (common for things like Apache), and a keystore file for Jetty.
Code:
openssl pkcs12 -in myserver_homeserver_com.pfx -out myserver_homeserver_com.crt -nokeys
openssl pkcs12 -in myserver_homeserver_com.pfx -out myserver_homeserver_com.key -nocerts -nodes
keytool -importkeystore -srckeystore myserver_homeserver_com.pfx -destkeystore myserver_homeserver_com.keystore -srcstoretype pkcs12 -deststoretype JKS

III. Install in Jetty

Just follow the Wiki: http://trac.assembla.com/sageplugins/wiki/JettyPluginSSL#. Most options are set up through the plug-in configuration screen. However, I do have to stop the SageTV service and edit the Sage.properties file to add paths to the keystore, as I put all certificates in a centralized WHS location: D:\ServerFolders\Documents\Certificates. Below is (slightly edited) what my Jetty properties look like after updating, with the only additions being: jetty/jetty.ssl.keypassword, jetty/jetty.ssl.keystore, jetty/jetty.ssl.password, jetty/jetty.trustpassword, and jetty/jetty.truststore.
Code:
jetty/jetty.configfiles="C\:\\Program Files (x86)\\SageTV\\SageTV\\jetty\\etc\\jetty.xml" "C\:\\Program Files (x86)\\SageTV\\SageTV\\jetty\\etc\\jetty-ssl.xml"
jetty/jetty.home=C\:\\Program Files (x86)\\SageTV\\SageTV\\jetty
jetty/jetty.log.level=INFO
jetty/jetty.logs=C\:\\Program Files (x86)\\SageTV\\SageTV\\jetty\\logs
jetty/jetty.port=8080
jetty/jetty.ssl.keypassword=123456
jetty/jetty.ssl.keystore=D\:\\ServerFolders\\Documents\\Certificates\\myserver_homeserver_com.keystore
jetty/jetty.ssl.password=123456
jetty/jetty.ssl.port=8443
jetty/jetty.ssl.trustpassword=123456
jetty/jetty.ssl.truststore=D\:\\ServerFolders\\Documents\\Certificates\\myserver_homeserver_com.keystore
jetty/upnp=Manual Configuration
jetty/upnp.external.http=8080
jetty/upnp.external.https=8443
__________________
Home Network: https://karylstein.com/technology.html |
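
An added example, not part of the original post and not SageTV or Jetty plugin code: a small check to run over the jetty/jetty.ssl.* lines of Sage.properties after hand-editing them, which decodes the escaped paths, reports key names that differ from the ones in the listing above, and flags short or digits-only keystore passwords. The function names, the MIN_LEN threshold and the sample text are assumptions made for illustration.

```python
import re

PREFIX = "jetty/jetty.ssl."
# Key names as they appear in the properties listing in the post.
SSL_KEYS = {"keypassword", "keystore", "password", "port",
            "trustpassword", "truststore"}
MIN_LEN = 12  # assumed minimum passphrase length, not a SageTV/Jetty rule

# Constructed sample, not a real configuration: one misspelled key name
# and one digits-only password.
SAMPLE = r"""
jetty/jetty.port=8080
jetty/jetty.ssl.keypassowrd=123456
jetty/jetty.ssl.keystore=D\:\\ServerFolders\\Documents\\Certificates\\myserver_homeserver_com.keystore
jetty/jetty.ssl.password=123456
jetty/jetty.ssl.port=8443
jetty/jetty.ssl.trustpassword=constructed-long-passphrase
jetty/jetty.ssl.truststore=D\:\\ServerFolders\\Documents\\Certificates\\myserver_homeserver_com.keystore
"""

def parse_properties(text):
    # Reads key=value lines and undoes backslash escapes such as "\:".
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def audit(props):
    # Returns a list of findings; an empty list means nothing was flagged.
    findings = []
    present = {k[len(PREFIX):] for k in props if k.startswith(PREFIX)}
    for name in sorted(present - SSL_KEYS):
        findings.append(f"unknown key {PREFIX}{name}")
    for name in sorted(SSL_KEYS - present):
        findings.append(f"missing key {PREFIX}{name}")
    for name in ("keypassword", "password", "trustpassword"):
        pw = props.get(PREFIX + name, "")
        if pw and (len(pw) < MIN_LEN or pw.isdigit()):
            findings.append(f"weak {name}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print(finding)
```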
#2
Thanks for this. I will probably be setting up WHS v1 again soon (drive issues - don't ask.) I'll try this as part of that setup.
#3
The instructions above look like they are for WHS2011, not v1, at least where they mention "C\:\\Program Files (x86)\\", which is only created on a 64-bit OS. Might work with v1 (32-bit OS), don't know. Just wanted to warn you.
#4
Oops, you're right--I didn't say it was WHS2011. The process should be similar on WHSv1, though, except some differences in navigating the server/IIS manager.
__________________
Home Network: https://karylstein.com/technology.html |