Setting Up SSL for qBittorrent Web Interface

Prerequisites

Create Your SSL Certificate

  1. Launch XCA
  2. Open the PKI database if it is not already (File > Open DataBase), enter password
  3. Click on the Certificates tab, right click on your Intermediate CA certificate
  4. Select New
  5. On the Source tab, make sure Use this Certificate for signing is selected
  6. Verify your Intermediate CA certificate is selected from the drop down
  7. Click the Subject tab
  8. Complete the Distinguished Name section

    internalName: qBittorrent SSL
    countryName: US
    stateOrProvinceName: Virginia
    localityName: Northern
    organizationName: i12bretro
    organizationUnitName: i12bretro Certificate Authority
    commonName: torrent.i12bretro.local

  9. Click the Generate a New Key button
  10. Enter a name and set the key size to at least 2048
  11. Click Create
  12. Click on the Extensions tab
  13. Select End Entity from the type list
  14. Click Edit next to Subject Alternative Name
  15. Add any DNS or IP addresses that the certificate will identify
  16. Update the validity dates to fit your needs
  17. Click the Key Usage tab
  18. Under Key Usage select Digital Signature, Key Encipherment
  19. Under Extended Key Usage select Web Server and Web Client Authentication
  20. Click the Netscape tab
  21. Select SSL Server
  22. Click OK to create the certificate

Exporting Required Files

  1. In XCA, click on the Certificates tab
  2. Right click the SSL certificate > Export > File
  3. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
  4. Click OK
  5. Click the Private Keys tab
  6. Right click the private key generated for the SSL certificate > Export > File
  7. Set the file name with a .key extension and verify the export format is PEM private (*.pem)
  8. Click OK

Setting Up qBittorrent

  1. Download qBittorrent Download
  2. Install qBittorrent
  3. Launch qBittorent and navigate to Tools > Options
  4. Select Web UI from the left panel
  5. Set IP address field to *
  6. Set port to 8666
  7. Check the Web User Interface (Remote Control) box
  8. Check the Use HTTPS instead of HTTP box
  9. Click the folder icon next to the Certificate field and browse to the exported .crt file
  10. Click the folder icon next to the Key field and browse to the exported .key file
  11. Change to username and password fields so they are not the default values
  12. Check the Bypass authentication for clients in whitelisted IP subnets box
  13. Click the IP subnet whitelist... button
  14. Type in your LAN IP subnet and click the Add subnet button
  15. Click OK to close the LAN IP subnet window
  16. Click Apply
  17. Click OK
  18. Open a web browser
  19. Navigate to https://DNSorIP:8666