Install SickGear [81] Media Apps

SickGear Wiki: Home | Reporting Issues | Frequently Answered Questions | > Install Guides <

How to: Secure connections from Kodi using a self-signed SickGear certificate

The following method succesfully tested on Windows Kodi, Linux OSMC, and Linux LibreELEC.
Note; Both SickGear repo and addon must be uninstalled from Kodi if changing from non-SSL to SSL (do keep settings)

Background; Operating systems and applications keep public certificates in "trust stores" for verifying secure connections. The Kodi application has a trust store that must be used if SSL is enabled in SickGear. SickGear creates a public self-signed certificate file when using SSL is enabled. The text certificate added to a Kodi trust store is used to verify a secure connection to a SickGear server, otherwise the repo and addon will correctly fail to install and run.

Kodi reference doc: Section 3.2.1.2 at https://kodi.wiki/view/SSL_certificates

Kodi includes its own bundle of default trusted certificate authorities in the file system/certs/cacert.pem of the Kodi installation.

• Copy the file to a new location
• Add your certificate (in PEM format) to the end of the new file
• Set the environment variable SSL_CERT_FILE to the location of that new file

This method is also usable on Linux if you do not want to change your system trust store.

SickGear conveniently creates a certificate text file in the PEM format.

To start any method;

1. Have SickGear create self-signed certificate files...
   a) enable checkbox config/Interface/SSL enable
   b) enter a path/file in field HTTPS certificate e.g. /sickgear/data/path/server.crt
   c) enter a path/file in field HTTPS key e.g. /sickgear/data/path/server.key
   d) press Save Changes to create the public self-signed certificate server.crt, and private server.key

Windows verified method;

2. Find where the Kodi cacert.pem trust store file is located
   • Windows, normally C:\Program Files (x86)\Kodi\system\certs\cacert.pem
     observe that the path fits Kodi required path... ...\kodi\system\certs\cacert.pem
3. Append created content \sickgear\data\path\server.crt^(1b) to the ...cacert.pem⁽²⁾ trust store
4. Continue at step 5

OSMC (Open Souce Media Center) verified method;

2. Copy /sickgear/data/path/server.crt^(1b) to /usr/local/share/ca-certificates/
3. Run via a SSH prompt sudo update-ca-certificates

  osmc@osmc:~$ sudo update-ca-certificates
  Updating certificates in /etc/ssl/certs...
  1 added, 0 removed; done.
  Running hooks in /etc/ca-certificates/update.d...
  done.

4. Continue at step 5

LibreELEC verified method;

1. Create a file /storage/.config/cacert.pem
2. Add created content /sickgear/data/path/server.crt^(1b) to the cacert.pem⁽¹⁾
3. Reboot
4. Continue at step 5

2. Find where the Kodi cacert.pem trust store file is located
* Shell, find / -iname cacert.pem (result; /usr/share/kodi/system/certs/cacert.pem)
observe that the path fits Kodi required path... .../kodi/system/certs/cacert.pem (LE is a symlink)
3. Append created content /sickgear/data/path/server.crt^(1b) to the ...cacert.pem⁽²⁾ trust store

To end any method;

continue here...

5. In Kodi File Manager, edit/add SickGear source with https://ip:port/kodi/ and it will add without issue
6. Install the SickGear repo with Add-ons/Install from zip file, then install from repo SickGear/Service as normal

Warning: steps 2-3 may need to be repeated whenever Kodi updates file .../kodi/system/certs/cacert.pem unless the above quoted environment variable SSL_CERT_FILE method is adopted (not on LibreELEC).

Feedback on differences to other OS and/or methods is welcome.

---