Adding a Trusted SSL Certificate to Serviio DLNA server

Overview

Serviio is a great DLNA server which also includes the option of the ServiiGo mobile app to allow you to access your media library remotely. This functionality is included in the Pro version of Serviio.

ServiiGo can be found at the play store at https://play.google.com/store/apps/details?id=com.serviigo&hl=en_AU and Serviio itself can be downloaded from https://www.serviio.org/download.

In recent years with security updates to Android and also the ServiiGo app, you will start to receive SSL errors similar to below which would be something like Trust anchor for certification path not found.

The message looks cryptic at first but in fact is a generic java error message about an issue with the certificate. This basically means that there is a missing intermediate certificate or no trusted certificate installed at all. In most cases the default self signed cert that came with Serviio would be in use. 

I have prepared a short guide on how to install this.

Locating and extracting the Serviio.jar file

We will need to extract the text file serviio.properties from within the Serviio.jar file. 

1. Go to your machine where Serviio is installed. If it's a 64-bit Windows machine then the location is under C:\Program Files\Serviio\lib\
2. Ensure you have a .jar extraction tool. In Windows WinRAR is able to open these packages which I will be using.
3. Right click the .jar file and select  Open with > WinRAR
4. You will see a file called serviio.properties. Extract this file and put it in a safe location we will be referring to the information from the three lines below:

ssl_keystore=config/serviio.jks

ssl_keystore_keystore_password=

ssl_keystore_key_password=

Opening & Editing the Java Key Store Certificate store file

The Java Key Store is located under C:\Program Files\Serviio\config as serviio.jks (or according to the ssl_keystore= value)

We will need to use a Java Key Store viewer to open this. A good one to use is KeyStore Explorer.

1. Download KeyStore Explorer from https://keystore-explorer.org/downloads.html
2. Start KeyStore Explorer and Open the serviio.jks file by going to File->Open.
3. You will then get a prompt to enter the Keystore password. Use the value next to ssl_keystore_keystore_password= to unlock the store.
4. Right click the current default certificate and select 'unlock'. Use the value next to ssl_keystore_key_password= to unlock this.
5. Go to File->Open and open your signed certificate .pfx file. Enter it's password to open. You will now see another window with your trusted certificate.
6. Right click the certificate in your .pfx file and select unlock. Use the password in the .pfx file to open it.
7. Right click your certificate and select Copy. Go to the tab with serviio.jks and then then select Paste.
8. You should now see two certificates listed. Right click the old certificate called serviio and select delete.
9. Right click the certificate to give it an appropriate name - this should be the external FQDN of the certificate.
10. Locate any intermediate certificates required. To add these right click the certificate and select Edit Certificate Chain->Append Certificates. You should get a message stating Append Certificate Successful.
11. You will now need to change the key pair password to match the original one which would be shown next to ssl_keystore_key_password=. 
12. Select File->Save
13. You should be all done now. Stop the Serviio Service then rename the old serviio.jks and copy the serviio.jks file back to its original location.
14. Start the Serviio service