I found this very well written guide,
so I copy it here. Hope it helps someone It is the user Dan who wrote the guide that should have all the credit;
(I copy and paste only)
I have been using Subsonic for a couple years now and after getting sick of the SSL warnings you receive due to the default self-signed certificate I decided to purchase a third-party cert from a trusted CA.
The installation wasn't well documented at all (for Linux anyways), so hopefully this will help anyone that is looking to do the installation themselves. In my setup I am running Ubuntu 12.04 LTS, but this should be adaptable for any Linux install with OpenSSL and ZIP installed.
NOTE: During these instructions you will be modifying a file that Subsonic required to start. If something goes wrong you will need to re-install Subsonic, so it would be a good idea to backup the file you are modifying first:
sudo cp /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar /home/<username>/
1. Purchase a certificate from a third-party CA. NameCheap.com offers $9 Comodo certificates here. Choose Apache/OpenSSL as your server type during the order.
2. Generate a CSR during your order using the following command. Make sure you enter in all the required information when prompted (Country code, State/Province, City, Organization Name... etc). When prompted for Common name make sure you enter in the URL that you use to access your Subsonic server.
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
3. Open the server.csr file using your favorite text editor and copy the contents, then paste in the cert order form.
4. Once the order is finished you will need to wait some time for the CA to accept the request. Check your email and follow the instructions they send you.
5. Once you receive your certificate you will need to combine the private key, server cert, and intermediate certs into one file. Simply open all three in a text editor and copy/paste everything into a new text file without any blank lines. I added mine in the following order:
Private Key (myserver.key)
6. Save this text file as subsonic.crt
7. Next, convert the cert from PEM to PKCS12 format using the following command.
openssl pkcs12 -in subsonic.crt -export -out subsonic.pkcs12
8. Now that the cert has been converted into the proper format you can create the new Java keystore:
keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -srcstoretype PKCS12 -srcalias 1 -destalias tomcat
9. Import the keystore into subsonic-booter-jar-with-dependencies.jar:
zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore
10. Lastly, restart the Subsonic service to load the new certificate:
sudo service subsonic restart
Once you browse to your Subsonic site you shouldn't get the certificate warning anymore. Please leave a comment regarding any questions, hopefully this helps!HERE BELOW IS A LITTLE Additional info, FROM ONE OF THE USERS OF THIS GUIDE
Hey! Thanks for the tutorial. I had to make a few tweaks to get it to work on my end.
First, I am using a free StartSSL-issued certificate. I added StartSSL’s additional chain certificate known as “sub.class1.ca.pem” to the other three you listed.
Second, I couldn’t get keytool to work without using a passphrase on my exported PKCS12 file. I used “subsonic” for convenience. Without using an export passphrase, I would get either the error: “keytool error: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded” or “keytool error: java.security.UnrecoverableKeyException: Get Key failed: / by zero” depending on my later entries.
Third, the default Subsonic keystore is also protected by a passphrase: “subsonic”. When I ran the keytool, it required both a source and destination key – I entered “subsonic” for both.
Finally, Subsonic expects the alias in the keystore to be “subsonic”, not “tomcat”, which changes the keytool command. With the correct alias, Subsonic loaded the correct key and everything worked for me. Thanks again.
Here is the original thread; (http://www.fatframe.com/2012/11/25/inst ... sonic-4-7/