Hi Albert, your installation should not be broken. The new 2.5.1-2 package has a dependency on the ssl-cert package which should have been automatically installed for you, if you used apt-get to perform the upgrade. Did you install the new package with dpkg perhaps?

When the ssl-cert package is installed, it creates a certificate at

/etc/ssl/certs/ssl-cert-snakeoil.pem

Do you have this file on your system?

The method that the new package uses is the same as shown in http://sourcefabric.booktype.pro/airtime-25-for-broadcasters/secure-login-with-ssl/

Please let me know how you get on!

Cheers!

Daniel

Hi Albert, this is very strange. If you open up the .deb package you have downloaded, and look at the file DEBIAN/control, you should see the following lines at the top:

Package: airtime
Version: 2.5.1-2
Architecture: all
Maintainer: Daniel James <daniel@64studio.com>
Installed-Size: 24182
Pre-Depends: postgresql, python-virtualenv (>= 1.4.9)
Depends: apache2, coreutils (>= 7.5) | timeout, curl, ecasound, flac, gzip (>= 1.3.12), libapache2-mod-php5, liquidsoap (>= 1.1.1~), liquidsoap-plugin-alsa, liquidsoap-plugin-ao, liquidsoap-plugin-faad, liquidsoap-plugin-flac, liquidsoap-plugin-icecast, liquidsoap-plugin-lame, liquidsoap-plugin-mad, liquidsoap-plugin-ogg, liquidsoap-plugin-opus, liquidsoap-plugin-portaudio, liquidsoap-plugin-pulseaudio, liquidsoap-plugin-taglib, liquidsoap-plugin-voaacenc, liquidsoap-plugin-vorbis, locales, lsof, monit, mp3gain, multitail, php5-cli, php5-curl, php5-gd, php5-json, php5-pgsql, php-apc, php-pear, pwgen, python, rabbitmq-server, silan (>= 0.3.1~), ssl-cert, sudo, sysv-rc, tar (>= 1.22), unzip, vorbisgain, vorbis-tools, zendframework | libzend-framework-php, debconf (>= 0.5) | debconf-2.0, perl

I'm now wondering if your download is corrupted. Please try a checksum:

md5sum airtime_2.5.1-2_all.deb
89a7b46a3e8d0b2d77b986ec00f1b8b0  airtime_2.5.1-2_all.deb

Cheers!

Daniel

Vhost edit,

Hi Andy, the login page http://airtime.radio-wolke7.de/login is accessible from here. I'm guessing you have changed something since the above forum post, maybe gone back to the previous version of your virtualhost definition.

I did not experience this issue on my own upgrade test so I wonder if you and Albert are accessing the admin interface in a different way. If you could provide me with further clues, I will investigate.

Cheers!

Daniel

Hi Andy, the 'forbidden' message is normal when attempting to access port 80 from a remote machine if the virtualhost definition contains:

              Order deny,allow
              Deny from all
              Allow from localhost

What I would suggest is that you uncomment the port 443 section of your virtualhost definition, but leave port 80 accessible for the time being. Reload the Apache config then test that you can login via https://airtime.radio-wolke7.de/

Cheers!

Daniel

Hi Albert, if you are running 2.2 then the 'Deny from all' syntax is correct. When the package upgrade was happening, did you see a prompt about keeping the locally modified copy of a configuration file? Cheers! Daniel

OK, in that case, please send me your /etc/apache2/sites-available/airtime-vhost.conf file and I'll try to figure it out.

I'll give a little trick to all people who risk to have this problem

you need to edit /usr/share/ssl-cert/ssleay.cnf

and change

commonName                      = @HostName@

by

commonName                      = your-domain.com

and after this :

make-ssl-cert generate-default-snakeoil --force-overwrite 

Hi Roger, it is the ssl-cert package which generates the certificate, then the updated Airtime package points to that certificate in the virtualhost definition.

I did not have to perform the extra step that Albert suggests, but I think this is because my server hostname and Airtime server name are under the same domain (64studio.com in my case). I will release a new version of the package which keeps port 80 (http) available so that people have the time to resolve any SSL issues before tightening up security.

Cheers!

Daniel

Hi Albert, thanks for your insights :-) I have now released an update 2.5.1-3 to the apt server.

The main issue was that because access to port 80 was blocked for remote sites, the redirect I had put in place for the port 80 virtualhost:

Redirect permanent /login https://www.example.com/login

could not be accessed, which I believe was the cause of the blank screen and Forbidden errors described in the posts above. With the update, port 80 is open but because all requests for the root directory get forwarded to the login page, the redirect rule now has a chance to function.

Your tip to change the commonName and regenerate the certificate works for me to remove the 'The certificate is only valid for (hostname)' error from the browser, I will add this to the manual. However I expect you will still see the warning 'The certificate is not trusted because it is self-signed' unless you have already imported the certificate.

Cheers!

Daniel

Hi Albert,

If you have a known group of users it is possible to import the certificate directly into their browsers from a trusted local file, for example on a USB key. This creates a very simple web of trust, which to my way of thinking is more secure than relying on a third-party certificate authority.

I have updated http://sourcefabric.booktype.pro/airtime-25-for-broadcasters/secure-login-with-ssl/ to mention this possibility.

Thanks for the help!

Daniel

Hi, I have the same problem apparently, the upgrade broke my login section, isn't the new apache configuration compatible with custom port, I use port 8222 for airtime admin , all was working fine till the last upgrade, all airtime files are set to work on 8222 but the login site is not replying anything, would appreciate if someone can help with that