Add HTTPS functionality

If you have a suggestion for a feature, post it here
Post Reply
Stanislas
Posts: 7
Joined: Wed Jan 25, 2023 10:00 pm

Add HTTPS functionality

Post by Stanislas »

Hello, I suggest you add the possibility of being able to use the server in HTTPS
User avatar
mik_s
Moderator
Posts: 1104
Joined: Wed Aug 23, 2017 11:03 pm
Location: UK

Re: Add HTTPS functionality

Post by mik_s »

I believe there is support for HTTPS but there is no GUI options for that at the moment and I can't remember seeing any guides on how to set it up.

This is the setting in UMS.conf

Code: Select all

# Use HTTPS (SSL) for web player connection
# ----------------------------------
# Whether the web player should use HTTPS.
# To enable HTTPS, a self-signed keystore file called "UMS.jks" with password
# "umsums" must be generated using the Java 'keytool' commandline utility.
# The file must be placed in the profile folder (where this file resides).
# Default: false
web_player_https =
I think this is the keytool mentioned but don't know how to go about using it.
Logs are important for us to help, Please follow This Link before asking for support. Just a forum cleaner, Will help if I can but no expert.
Stanislas
Posts: 7
Joined: Wed Jan 25, 2023 10:00 pm

Re: Add HTTPS functionality

Post by Stanislas »

Thanks for this information, indeed I found the information in the .conf file.
Can you contact the developers or someone who knows how to use it?
I have tried many methods but it's without effect.
boss
Posts: 343
Joined: Thu Jun 30, 2016 1:07 pm

Re: Add HTTPS functionality

Post by boss »

web_player_https = true

The keygen command should be a bit different.

keytool -genkey -keyalg RSA -alias selfsigned -keystore UMS.jks -validity 360 -keysize 2048

**above is without "-storepass password" so it asks for a password when the certificate is created.**
The password to use is "umsums".

Place the created keyfile "UMS.jks" in the same directory as "UMS.conf"

I just tried it and it works on my linux server.
Stanislas
Posts: 7
Joined: Wed Jan 25, 2023 10:00 pm

Re: Add HTTPS functionality

Post by Stanislas »

Sorry, but it doesn't work for me.
I am on Windows 10 family.
I placed it in the right folder, I made the same command as you. I gave the right password
I also tried on a ubuntu virtual machine and it doesn't work too
Can you send me your UMS.jks file to try ?
User avatar
mik_s
Moderator
Posts: 1104
Joined: Wed Aug 23, 2017 11:03 pm
Location: UK

Re: Add HTTPS functionality

Post by mik_s »

I think the UMS.jks file will be unique to your system so using someone else's will not work, that is why you need to use keytool.
Also it would be like giving someone your keys to your house.
Logs are important for us to help, Please follow This Link before asking for support. Just a forum cleaner, Will help if I can but no expert.
User avatar
mik_s
Moderator
Posts: 1104
Joined: Wed Aug 23, 2017 11:03 pm
Location: UK

Re: Add HTTPS functionality

Post by mik_s »

OK I managed to get it to work on Win10.
First I opened CMD and went to the folder "C:\Program Files (x86)\Universal Media Server\jre17\bin" where the keytool is
I ran this command

Code: Select all

keytool -genkey -keyalg RSA -alias selfsigned -keystore UMS.jks -validity 360 -keysize 2048
and it promoted me to enter the password and to retype it. enter "umsums" for both.
Enter details for the certificate. I left most blank for testing.
keytool cmd.jpg
keytool cmd.jpg (57.61 KiB) Viewed 11013 times
In ums.conf make sure you enable https

Code: Select all

web_player_https =true
Copy the newly created ums.jks to "C:\ProgramData\UMS" then start UMS.

To get to the player you need to change the address to https://your_server_ip:9002
For me in Firefox this brings up the warning: potential security risk ahead message, as the certificate is self signed Firefox does not trust it.
If you click on advanced you can view the certificate and if you click Accept the risk and continue then UMS will work
Risk warning.jpg
Risk warning.jpg (47.83 KiB) Viewed 11013 times
Cert.jpg
Cert.jpg (47.16 KiB) Viewed 11013 times
Note this only seems to apply to the standalone web player. The settings are not available though https, only though http and you can change to them any time by going to https://your_server_ip:9001. port 9001 does require you to log in whereas 9002 does not need a login.

All of this is not user friendly and a bit of a pain to use but now the web settings have been done, things like this that did not have GUI options can be added and streamlined.
Logs are important for us to help, Please follow This Link before asking for support. Just a forum cleaner, Will help if I can but no expert.
Stanislas
Posts: 7
Joined: Wed Jan 25, 2023 10:00 pm

Re: Add HTTPS functionality

Post by Stanislas »

It's ok, it works, in fact I was going to the server port and I had to go to the Media Player port
Post Reply