Page 1 of 1

Add HTTPS functionality

Posted: Wed Jan 25, 2023 10:04 pm
by Stanislas
Hello, I suggest you add the possibility of being able to use the server in HTTPS

Re: Add HTTPS functionality

Posted: Thu Jan 26, 2023 5:24 am
by mik_s
I believe there is support for HTTPS but there is no GUI options for that at the moment and I can't remember seeing any guides on how to set it up.

This is the setting in UMS.conf

Code: Select all

# Use HTTPS (SSL) for web player connection
# ----------------------------------
# Whether the web player should use HTTPS.
# To enable HTTPS, a self-signed keystore file called "UMS.jks" with password
# "umsums" must be generated using the Java 'keytool' commandline utility.
# The file must be placed in the profile folder (where this file resides).
# Default: false
web_player_https =
I think this is the keytool mentioned but don't know how to go about using it.

Re: Add HTTPS functionality

Posted: Mon Jan 30, 2023 8:47 am
by Stanislas
Thanks for this information, indeed I found the information in the .conf file.
Can you contact the developers or someone who knows how to use it?
I have tried many methods but it's without effect.

Re: Add HTTPS functionality

Posted: Mon Jan 30, 2023 4:17 pm
by boss
web_player_https = true

The keygen command should be a bit different.

keytool -genkey -keyalg RSA -alias selfsigned -keystore UMS.jks -validity 360 -keysize 2048

**above is without "-storepass password" so it asks for a password when the certificate is created.**
The password to use is "umsums".

Place the created keyfile "UMS.jks" in the same directory as "UMS.conf"

I just tried it and it works on my linux server.

Re: Add HTTPS functionality

Posted: Mon Jan 30, 2023 9:16 pm
by Stanislas
Sorry, but it doesn't work for me.
I am on Windows 10 family.
I placed it in the right folder, I made the same command as you. I gave the right password
I also tried on a ubuntu virtual machine and it doesn't work too
Can you send me your UMS.jks file to try ?

Re: Add HTTPS functionality

Posted: Mon Jan 30, 2023 10:54 pm
by mik_s
I think the UMS.jks file will be unique to your system so using someone else's will not work, that is why you need to use keytool.
Also it would be like giving someone your keys to your house.

Re: Add HTTPS functionality

Posted: Tue Jan 31, 2023 12:29 am
by mik_s
OK I managed to get it to work on Win10.
First I opened CMD and went to the folder "C:\Program Files (x86)\Universal Media Server\jre17\bin" where the keytool is
I ran this command

Code: Select all

keytool -genkey -keyalg RSA -alias selfsigned -keystore UMS.jks -validity 360 -keysize 2048
and it promoted me to enter the password and to retype it. enter "umsums" for both.
Enter details for the certificate. I left most blank for testing.
keytool cmd.jpg
keytool cmd.jpg (57.61 KiB) Viewed 11058 times
In ums.conf make sure you enable https

Code: Select all

web_player_https =true
Copy the newly created ums.jks to "C:\ProgramData\UMS" then start UMS.

To get to the player you need to change the address to https://your_server_ip:9002
For me in Firefox this brings up the warning: potential security risk ahead message, as the certificate is self signed Firefox does not trust it.
If you click on advanced you can view the certificate and if you click Accept the risk and continue then UMS will work
Risk warning.jpg
Risk warning.jpg (47.83 KiB) Viewed 11058 times
Cert.jpg
Cert.jpg (47.16 KiB) Viewed 11058 times
Note this only seems to apply to the standalone web player. The settings are not available though https, only though http and you can change to them any time by going to https://your_server_ip:9001. port 9001 does require you to log in whereas 9002 does not need a login.

All of this is not user friendly and a bit of a pain to use but now the web settings have been done, things like this that did not have GUI options can be added and streamlined.

Re: Add HTTPS functionality

Posted: Tue Jan 31, 2023 5:48 am
by Stanislas
It's ok, it works, in fact I was going to the server port and I had to go to the Media Player port