Centova Technologies Inc.

Products and Services

Centova Cast
Customer Support
Centova Technologies
 

Centova Technologies Forum

Author Topic: Centova interface - SSL implementation queries  (Read 185 times)

Richard E

  • Newbie
  • *
  • Posts: 32
Centova interface - SSL implementation queries
« on: April 23, 2018, 08:24:43 am »
I'm preparing to follow the instructions in http://www.centova.com/doc/cast/installation_manual/08_Configuring_SSL - "Installing Your Own Certificate" and have some minor queries that I would appreciate some input on. We're running Centova Cast v3.2.8 on a CentOS 6 system.

1. If I run rpm -qa | grep -i openssl I get  openssl-1.0...x86_64
Do I also need openssl-devel installed?

2. If the setssl command to install the certificate fails for some reason, what do I do to recover (ie get back to where I started)?

Many thanks!
--Richard E

Richard E

  • Newbie
  • *
  • Posts: 32
Re: Centova interface - SSL implementation queries
« Reply #1 on: April 24, 2018, 05:28:24 am »
Further to my previous enquiry, we have received our SSL certificate package from Comodo. It consists of two files, our_domain.crt and our_domain.ca-bundle.

our_domain.crt contains a single certificate element and our_domain.ca-bundle three elements.

Should we concatenate these two files (our_domain.crt at the top) ? Or use the ca-bundle file?

What should the filename and extension be?

Thanks,
--Richard E

Richard E

  • Newbie
  • *
  • Posts: 32
Re: Centova interface - SSL implementation queries
« Reply #2 on: May 14, 2018, 02:07:53 pm »
I am pleased to say that I have successfully installed our SSL certificate and the Centova front-end login is now available securely.

However I am getting a Mixed Content warning from the Centova pages. This appears to be due to the album cover images not being retrieved securely. I am getting data such as the following:

Mixed Content: The page... was loaded over HTTPS, but requested an insecure image 'http://is5.mzstatic.com/image/thumb/Music/v4/ec/45/88/ec458862-fb73-ce21-c1bb-bd6f7e77c325/source/100x100bb.jpg'. This content should also be served over HTTPS.

Mixed Content: The page at... was loaded over HTTPS, but requested an insecure image 'http://is2.mzstatic.com/image/thumb/Music/v4/d4/ae/a9/d4aea955-7987-5080-a274-8962dc7f2290/source/100x100bb.jpg'. This content should also be served over HTTPS.

Mixed Content: The page at... was loaded over HTTPS, but requested an insecure image 'http://is5.mzstatic.com/image/thumb/Music/v4/ec/45/88/ec458862-fb73-ce21-c1bb-bd6f7e77c325/source/100x100bb.jpg'. This content should also be served over HTTPS.

It would appear that these images will display if called with https - how do we tell the system to retrieve the images via SSL?

Thanks!
-_Richard E

Richard E

  • Newbie
  • *
  • Posts: 32
Album covers returned from iTunes via http, NOT https!
« Reply #3 on: May 15, 2018, 04:16:11 am »
Looking into this more deeply, it would appear that when the album is available on iTunes, the script inserts the "buy this album" link AND gets the album cover from is*.mzstatic.com, which it calls with http and not https.

Turning off iTunes as a source for album covers in the appropriate settings does not stop it doing this.

It appears that the is*.mzstatic.com album thumbnails are entirely capable of being called by https, we just need to modify the script to allow it to do so.

Where is it?

Thanks!
--R

Roger

  • Centova Staff
  • *
  • Posts: 373
Re: Centova interface - SSL implementation queries
« Reply #4 on: May 15, 2018, 06:42:33 pm »
Hello Richard E,

The certificate been used at "is5.mzstatic.com" doesn't match the domain name unfortunately (as it is issued to a248.e.akamai.net), this means that even if the images were to be requested via SSL/Https, you will receive a security warning from your web browser anyways, and until that changes, there isn't much we can do.

If you don't want mixed-content warnings been prompted by cover images, you will need to disable all external sources under Settings > Albums, and then purge the media library.


Regards.

Richard E

  • Newbie
  • *
  • Posts: 32
Re: Centova interface - SSL implementation queries
« Reply #5 on: May 16, 2018, 02:18:47 am »
Hi, Roger and thanks for your helpful reply.

For the time being, we'll just use the text-only version of the current track widget. We previously used Marci for displaying Now Playing data on the web site, but now we're on Icecast we only get the current track and no history, which is tedious and rather reduces its value, excellent though it is as far as it goes depending on platform.

Is anyone aware of any other third-party Now Playing solutions? I ran some tests with ACRCloud which produced very positive results, but it rather seems overkill to use auto content recognition when we have metadata available most of the time!