Using OpenSSL to secure and encrypt your SabNZBd server traffic with self signed certificates

If you are planning on (or already have) externally published your SabNZBd server, it’s a good idea to implement SSL certificates to securely encrypt traffic going in and out of your network.  This will prevent any overzealous network admins, or even your ISP from snooping on your traffic and seeing what you are downloading.  It also makes sure things like your username and password aren’t sent in plain text traffic over network devices you aren’t in control of.

To begin with, you need access to an instance of OpenSSL.  The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.  It can be used to create self-signed certificates at no cost.  Many Linux distributions come with pre-compiled OpenSSL packages, if you have a favourite, go with that!

I didn’t have access to a linux distro, so choose to install and fire up a virtual instance of Ubuntu Desktop (ubuntu-10.04.1-desktop-amd64.iso),using a copy of VMWare server I had installed locally on my laptop.  It only takes a few minutes to install, and can be shutdown again afterwards.
Once you are in your chosen Linux distro, drop to a console/command prompt.

Launch your instance of Ubuntu and drop to a terminal prompt
Once you have a terminal session open, create yourself a working folder and CD into it.

We can then generate the SSL’s using the following commands

openssl genrsa 1024 > host.key

openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert

After running the req –new command you will be prompted to enter required information.  Most isn’t mandatory; the only one you really need to get right is the Common Name.  It is important to note, whatever common name you choose for your certificate, must match the public dns record or hostfile entry you are using to access your instance on from the internet.

For example: If you create your certificate with a common name of “” but you then access that instance at the certificate will fail as the names do not match.  The easiest way to ensure the names on your certificate match is either to utilise a static IP and your own domain name, or use a dynamic DNS service such a  You would then match the certificate name to your chosen dyndns record.
Extract the .key and .cert files from your Ubuntu/openssl instance and copy them to whatever machine is running Sabnzbd.  An easy way to do this is run “view host.key” / “view host.cert” and just clipboard copy the information to a txt file on your host machine.
Copy the 2 files into the correct location for Sabnzbd files depending on which OS you are running.

Depending on your current setup you may need to select the certificate files in Sab, enable HTTPS, and choose your SSL port.

At this point, remember, your certifcates haven’t been issued by a public trusted certificate authority, such as Verisign or Geotrust.  This means that any machine or device you use to access your sab instance will not trust your SSL certificate.  You can work around this by installing the certificate into any remote machines “trusted root authority” certificate store.  I have also installed my certificate into the certificate store of my Windows Mobile 7 phone to enable secure encrypted connection from my handset.  I will cover both below.

To install your certificate in windows XP / Windows 7 do the following.
Click start/run
Type MMC
File Add/Remove snap in
Choose Certificaes
Click Add
Click Computer Account
Click Next

Click Local Computer
Click Finish
Click OK
Expand the certificate management console and expand the Trusted Root Certificate Authorities folder.

Right click, choose all tasks and chose import.   Browse to your host.cer file and import.
To install the SSL certificate on your WP7 device do the following
There are a few documented ways to install SSL certificates on WP7 devices, the easiest way I found was the email method.  Take the host.cert  file we created earlier, rename it to host.cer and email it to yourself on an email address you can retrieve on the WP7 device.  When the email arrives, open the attachment and follow the onscreen prompts to install the certificate.
When you attempt to access your instance on the common name you specified earlier, you should have an error free encrypted connection to your instance.


  1. Thanks for the post!

    Very appreciative of this guide, works great as a way to overcome the use of unsigned certificates in Windows Phone 7.

  2. a word, kinder uggs sale immediately after seeing cheap around over, uggs bailey button sale and then began swearing to tell their pain. uggs bailey button sale suspend uggs outlet online business cheap into the disco, immediately see a lot of the body is hurt everywhere brother, standing disco inside without saying And Adon yet. cheap and did not see the crowd and the uggs bailey button sale Arab East, asked uggs bailey button sale immediately in front of a younger brother. Sal.

  3. Provided you don’t infringe any copyright, this is the perfect method ted baker dresses sale of making something truly your own. Demonstrating an understated approach to sports shoe design, Common Projects has been credited with shifting the focus away from branding and tech innovations to luxury materials and high quality construction. This year, cheap ted baker dresses the American-Italian brand branched out with a basketball range that included everything from low- to hi-tops. While the detailing and branding is kept, as expected, to an absolute minimum, the subtle differences between the brand’s classic Achilles Low and the new BBall Low ted baker outlet (punctured front detailing and simple panelling on top of a low-key sole) make the latter worth the outlay.

  4. But she could not help but have seen a thorough perspective, nose ray ban sunglasses sale uk suddenly rose, ray ban sunglasses sale uk out of the nosebleed. Amitabha, Pinseng rude. Exam bear, bear examination. ray ban sunglasses sale uk underground cheap ray bans sale uk passage soon, I do not give face, I do not rare Dali How about you. ray ban sunglasses sale uk secretly told myself a cheap ray bans sale uk hero to this situation.

  5. Vraiment ah pauvres, la maison pour le reste d'une fille de quatre ans, Louboutin soldes en ligne comment peut Louboutin soldes en ligne dans les prochains jours à mourir. Louboutin soldes en ligne La vieille dame soupira, secoua la tête et dit ceci est notre rue Liang, sa Louboutin soldes en ligne femme est gravement malade, hospitalisé le pas de l'argent emprunté à des usuriers. L'argent a Louboutin Pas Cher manqué, sa femme mourut aussi, aujourd'hui, pour faire de l'argent, et il où les ah argent.