Search the Community
Showing results for tags 'Certificate'.
-
This certificate was specifically created to use Emby through the Microsoft Edge browser over HTTPS on port 8920, eliminating the "connection is not secure" warning. It is important to note that this certificate works properly in Edge but not in Firefox. For the certificate to function correctly, it must be installed both in the Windows Certificate Manager and on the NAS where the Emby server is hosted. Note: The domain names and IPs used here are examples (, ) and must be replaced with those corresponding to your network.example.domain.lansubdomain.local.domain 1. Generate the .crt and .key files Open the Windows terminal: Launch a terminal (Command Prompt or PowerShell) and navigate to the folder where you want to generate the files. Choose the appropriate command based on your needs: For a single domain (single SAN): openssl req -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes -keyout example.domain.lan.key -out example.domain.lan.crt -subj "/CN=example.domain.lan" -addext "subjectAltName=DNS:example.domain.lan" For multiple domains and IPs (multiple SANs): openssl req -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes -keyout example.domain.lan.key -out example.domain.lan.crt -subj "/CN=example.domain.lan" -addext "subjectAltName=DNS:example.domain.lan,DNS:subdomain.local.domain,IP:192.168.1.xx" Verify the results: The files and will be generated in the specified folder. example.domain.lan.crt and example.domain.lan.key 2. Create the .pfx file for Emby Use the following command to merge the and files into a file: .crt + .key = .pfx openssl pkcs12 -export -out example.domain.lan.pfx -inkey example.domain.lan.key -in example.domain.lan.crt -name "example.domain.lan" Set a password for the .pfx file: You’ll be prompted to enter and confirm a password. You can leave it blank or assign one. Note: If you assign a password, remember it, as it will be required in Emby’s settings. The file will be generated in the same folder. example.domain.lan.pfx 3. Upload the .pfx file to the NAS Transfer the file: Copy the file to a folder accessible on your NAS. example.domain.lan.pfx Ensure that Emby can access the path where the file is stored. 4. Install the .crt certificate in Windows Open the .crt file directly: Double-click on the file . example.domain.lan.crt Click the Install Certificate button. Follow the installation wizard: Select Current User as the target location. Choose Place all certificates in the following store. Click Browse and select Trusted Root Certification Authorities. Click OK, then Next, and finally Finish. Confirm the installation: A confirmation message will appear asking if you want to install the certificate. Accept to complete the installation. 5. Configure Emby with the certificate Log in to Emby and navigate to Settings → Network. Locate the section Custom SSL certificate path. Enter the path to the file you uploaded to the NAS..pfx If you set a password for the file, enter it in the corresponding field. If you left it blank, leave the field empty..pfx In Secure connection mode, select: "Preferred, but not required" (this allows connections via both HTTP and HTTPS). Click Save and restart the Emby server to apply the changes. Important Notes The domain names (, ) and IP () are examples. Replace them with the actual domains and IPs of your network.example.domain.lansubdomain.local.domain192.168.1.xx If you need to include more addresses or subdomains, add them to the field when generating the certificate. For example:subjectAltName -addext "subjectAltName=DNS:example.domain.lan,DNS:subdomain.local.domain,DNS:extra.domain.com,IP:192.168.2.xx" Credits This guide was completed with the help and insights provided by @Lessajwhose expertise made this task much easier. Thank you for your support! Final Note If there's anything I missed or ways to improve this guide, I’d greatly appreciate your feedback and insights. Sharing your knowledge or suggesting adjustments would not only help refine this guide but also assist others who might face similar challenges. Feel free to share your thoughts—I'm always open to learning and improving. Thank you in advance!
- 1 reply
-
- 3
-
- ssl
- certificate
- (and 4 more)
-
NB: This script only supports debian O/S, and debian based distributions (ubuntu etc). The script requires systemctl and apt which is present in all newer distributions. This script will probably not work as intended on Debian below v7 and Ubuntu below 14. A while back I created a script that will: Check if Apache and/or Nginx is running, and if running stop them. Disable UFW (firewall). Flush iptables. Check if certbot is installed, and if not, install it. Check if certificate is located in the emby directory, and if found, delete it. Ask for your FQDN of your emby server. Create a new certificate that's valid for 90 days. Convert the certificate to PFX and copy it to your emby directory. Ask for your emby group and user and change permissions of the PFX to the specified user (default is emby). Re-enable UFW (firewall). Re-enable Apache and/or Nginx (if it was stopped). Restart the Emby system service. After you have downloaded and placed the script on your server, you must unzip it and give the script execution permission. To do that, run the command: unzip embycert.zip && chmod +x embycert.sh This script should be run every 3 months to keep your certificate up-to-date. This script MUST be run as root with either SU or SUDO. SUDO is not native in Debian, and I would recommend to run this script it as root. NB: After installation, you must define the path to the certificate (under Network tab) which is: /var/lib/emby/emby.pfx and then again manually restart the emby server system service. Remember, if the FQDN is not typed correctly, the installation will fail, so be sure to spell it correctly, and make sure that the A record is valid and working. embycert.sh
- 8 replies
-
- ssl
- letsencrypt
-
(and 4 more)
Tagged with:
-
I have had Emby for quite a time now and recently bought Emby Premiere so I could use it on more platforms. I have my Emby server running locally on Debian and can connect remotely through my domain (assume my.domain.com). Emby works fine (with SSL) on following the devices I tested: Android app iOS app Windows Store app Xbox One app Most PCs web interface However, I could not get it working with SSL on my LG TV with WebOS 3.5 (LG OLED55B6V if it matters). It did work on a non-secure connection, but when I try to add the server as SSL connection, it simply denies connection like it doesn't even exist. Even when I log onto my Emby Connect account, it simply doesn't show the server, where all other devices do. Now I've read some problems about the SSL certificate (https://emby.media/community/index.php?/topic/57575-lg-emby-app-106-ssl-problem-connecting-to-server/), I'm currently using Comodo PostiveSSL as a certificate, which I have seen at least one other person have problems with as wel. However, I've also seen that some people with Let'sEncrypt have this problem. (https://emby.media/community/index.php?/topic/61481-unable-to-connect-over-https/) There is suggested that LG is simply blocking my certificate, but when I go to my site with the WebOS webbrowser (same certificate), it allows the certificate and shows the site as 'secure'. So somewhere the TV actually does allow the certificate. So I'm not sure where the problem resides. Also, I've shortly tested it on a PS4 from a friend. There was no app, so I used the built-in webbrowser. It also didn't seem to work there, seemed to have the same problem: simply not showing the server. Didn't have much time to test it there, so don't pin me on this. My question is: does anyone have Emby running over SSL with any certificate on LG WebOS 3.5? If so, what certificate do you use?
- 16 replies
-
- SSL
- Certificate
-
(and 5 more)
Tagged with:
-
Hi all, I am having an issue whereby I am unable to connect to my Emby Server remotely when using a domain. I have a SSL certificate that is correctly associated with the domain and works as it should. I have port forward setup on my router, and as a test I have used the external IP of my router as the external domain and this worked correctly and allowed me to access remotely. I've taken a log to show that it accepts the connection via the external IP as the external domain. If you require any further information please let me know. Thanks, Michael
- 26 replies
-
- QNAP
- Emby Server
-
(and 6 more)
Tagged with:
-
Hey! So I just finished the SSL certificate and all connections are secure BUT only when I enter my Dynamic DNS address. Not when I visit using the "app.emby.media" site on my iPhone, it shows "Not Secure". Included some pictures to show my configuration.
-
Hi, I'm unable to connect to my Emby server from my LG smart TV (webos 4.70.85) over https. Certificate is properly configured and signed (Let's Encrypt Authority X3). I have no issues with connecting using Emby app on Android, iOS and even casting to Chromecast (and I always connect over https). Do you have any idea how can I address this issue?
- 1 reply
-
- https
- certificate
-
(and 1 more)
Tagged with:
-
So I recently bought a domain and anticipated using Lets Encrypt. I had an extremely difficult time following their tutorials on how to acquire and validate a certificate but I found a YouTube video in which I created a certificate via a LAMP server on Ubuntu. The cert works fine and is verified on the LAMP server but when tried to compile the pem files in the pfx and set it up in advanced settings in my emby server, I cannot connect to my server when the settings are applied. When I remove the cert and the domain in advanced, it works again perfectly with the self signed certificate. Looking for a little help on how to get this working, maybe I didn't approach this correctly? I force all connections to HTTPS and would like to get this working so basically every other device other than a web browser and android OS can access the server.
-
I currently am using a self signed cert generated through Emby itself until I can figure out how to get a Lets Encrypt cert and ultimately get that working on my server. So when I try and connect with the official Emby Fire TV app, I cannot access the server and get an error (assuming its the common issue of the self signed certificate). However, I downloaded and installed the Android OS .apk and loaded up the android application and was able to connect to my server and accept the self signed certificate... and connect to my server no problem. The menus don't work right because it is not designed for the Fire TV, but makes me question why the FireTV app wasn't designed in the same way as it isn't a limitation by the FireTV stick in itself, its with the development of the application.
-
I purchased my own domain certificate and then I had a crazy time trying to figure out why my pfx file wouldn't work. After much reading around it seemed that in order to make it work I had to use a pfx file (cert+private key) with no password in place. For me this wasn't an option, as I'm crazy paranoid that by creating this it would then be possible for someone to get their hands on it and then somehow and then be able to compromise my sites (wildcard cert). So instead, I made Emby work with a secure pfx file. Here is my howto.... Requirements: Active Directory enabled domain A Windows Server (2012 or higher) or a Windows workstation (Windows 8 or higher) joined to the domain - I used my Emby server for this SSL Certificate - I used one I had purchased Setup Emby Service Account: 1. In Active Directory create a user account that will be used to launch the Emby service - I placed mine under Managed Service Accounts 2. On the Emby server open Control Panel and type Services 3. Locate the Emby Server service, right click on it the service and choose Properties 4. Click on the Log On tab, select "This Account" radio button and enter in the username and password you created in Step 1, click OK and then Close the Services window 5. Still inside Control Panel, click on User Accounts, then select Give other users access to this computer 6. Click Add then add the Emby user information from Step 1 and click Next 7. Select Administrator and click Next, then Finish Preparing your secured pfx file: 1. Using a Windows 2012/2012R2 Server or Windows 8/8.1/10 workstation, with Control Panel still open type "certificate" 2. Import your certificate making sure to mark it as exportable. 3. Right click on the certificate that was just imported and choose Export 4. Mark "Yes, export the private key", click Next until you reach the Security screen 5. Check the "Group or user names", this will automatically input the user you're using. Remove that user and click Add, then add the Emby user created in Step 1 in the above section. Click Next 6. Give it a filename, I would HIGHLY recommend you do NOT name it the same as your original cert/pfx file since this will be used for this situation only. Click Next, then Finish 7. Once the two things above are done then assign the key as you would normally in Emby - Advanced/Custom certificate path Finally, reboot the server/workstation. This isn't 100% needed, but I like to do it to verify everything works correctly. If you don't do this then make sure to go back into Services and start or restart the Emby Server service. Another suggestion, but not needed for this to work, is to have the certificate saved in a folder by itself (C:\Windows\EmbyCert or some other generic spot). Then edit that folders security settings removing all users except for the Emby account you created. Assign that Emby account with Read access. There you go, Emby is now using your SSL certificate, and you don't have a certificate/private key combo sitting on your machine with no protection on it. Edited to correct some grammatical and spelling errors.
-
Hi, I've tried to follow all the guides out there to add a certificate to my Emby server, unfortunately without success. Today I'm running my Emby server on Ubuntu 17.04. I own my own domain but I already use the main domain for another server that I has as a webserver. So I would like to have a sub-domain for my Emby, so I have created an address that looks like this: emby.domain.com I have managed to use free certificates on my web server via Certbot, but when I try to do the same way on my Emby server with my sub-domain I get some authentication error message. So I would really appreciate if someone would give me some really good instructions on how to install a certificate on my Emby-server. Have tried this already: https://emby.media/community/index.php?/topic/44757-setting-up-ssl-for-emby-wip/
-
I had posted about a similar issue prior and the thread was merged into another thread that really did not cover the same issue and there was never really a clear solution. I currently run an Emby server via HTTPS for secure WAN connections. Through the android app only I can only fast forward, rewind, and seek on random media playback. Sometimes it will only work for a short while until it decides it does not want to work anymore. When it does not work I can attempt to seek anywhere in the playback and it will not move to that spot but continue playing from where it currently is. If I pause and play it jumps back to its current location. If I pause and attempt to seek and hit play it jumps back to its current location. This happens on most of my media but not all, as some of my media I can seek freely through the playback. This has been a problem on my Nexus 5X, my Nexus 7, and now my Google Pixel. Also chromecast playback outside of my LAN does not work, it just says Emby on the chromecast screen, when the media is selected and said to be playing through the phone or web browser, it is not playing on the chromecast. This same problem occurs 50% of the time inside my LAN connected to the unencrypted connection. All certificates are stock to the Emby server. The problem is limited to the android app. I have not tested the iPhone app with the problem. (Side but far less important question that I am curious about is that I have the server running on a virtual machine with Windows Server 2012 installed with 16 cores dedicated to it. I see the server side settings that allows up to 8 cores selected or maximum, can the emby server take full advantage of the 16 cores I dedicated to the VM?)
- 5 replies
-
- fast forward
- rewind
-
(and 5 more)
Tagged with:
-
Hi I need help with installing a proper certificat. I have tried a number off different ways but every time the result is that the server can not be reached anymore. I therefore ask for a guide on how to create and install a proper certificate in emby on ubuntu when the port is not 443, but 9443 ( my 443 port is already occupied) /Regards
-
- certificate
- 9443
-
(and 1 more)
Tagged with:
-
Hi, I really could need some help.. I'm hosting a website on my very own server (debian latest). Bought a domain from noip.com, so I can also setup subdomains. For those I also got valid ssl certificates. My self-hosted wordpress site works well this way. Now I want to have access to Emby from "outside". https://blabla.com:8920 gives me NET::ERR_CERT_AUTHORITY_INVALID, most likely because I use my own certificate which doesn't cooperate with Emby!? https://emby.blabla.com would be nice, but how do I do that? Only got subdomains working with Apache. Also it wouldn't solve my problem, right? Trying to use my own certificate in Emby results in "ERR_CONNECTION_CLOSED". Unencrypted http works fine, but obviously I want to avoid that. So, what can I do?
-
Having a bit of an issue with ssl. I enabled https, point my web browser to my server, everything works fine. When I try to use my android clients, there are no images, and playback does not work. My server gives this error: 2015-09-25 19:00:01.3045 Error - HttpServer: Error in ProcessAccept *** Error Report *** Version: 3.0.5724.5 Command line: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe -programdata /mnt/config Operating system: Unix 3.19.3.200 Processor count: 12 64-Bit OS: True 64-Bit Process: True Program data path: /mnt/config Mono: 4.0.3 (Stable 4.0.3.20/d6946b4 Thu Aug 13 12:39:47 UTC 2015) Application Path: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe The authentication or decryption has failed. System.IO.IOException at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 InnerException: Mono.Security.Protocol.Tls.TlsException The authentication or decryption has failed. at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.RecordProtocol.ReceiveRecord (System.IO.Stream record) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslServerStream.EndNegotiateHandshake (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 I am trying to migrate from plex to emby, love emby so far. Can't wait to use it outside my network! Thanks! ( It seems other people have had this issue as well: https://github.com/MediaBrowser/Emby/issues/1097 )
- 14 replies
-
- ssl
- certificate
-
(and 3 more)
Tagged with: