Search the Community
Showing results for tags 'cert'.
carlbme posted a topic in General/WindowsI purchased my own domain certificate and then I had a crazy time trying to figure out why my pfx file wouldn't work. After much reading around it seemed that in order to make it work I had to use a pfx file (cert+private key) with no password in place. For me this wasn't an option, as I'm crazy paranoid that by creating this it would then be possible for someone to get their hands on it and then somehow and then be able to compromise my sites (wildcard cert). So instead, I made Emby work with a secure pfx file. Here is my howto.... Requirements: Active Directory enabled domain A Windows Server (2012 or higher) or a Windows workstation (Windows 8 or higher) joined to the domain - I used my Emby server for this SSL Certificate - I used one I had purchased Setup Emby Service Account: 1. In Active Directory create a user account that will be used to launch the Emby service - I placed mine under Managed Service Accounts 2. On the Emby server open Control Panel and type Services 3. Locate the Emby Server service, right click on it the service and choose Properties 4. Click on the Log On tab, select "This Account" radio button and enter in the username and password you created in Step 1, click OK and then Close the Services window 5. Still inside Control Panel, click on User Accounts, then select Give other users access to this computer 6. Click Add then add the Emby user information from Step 1 and click Next 7. Select Administrator and click Next, then Finish Preparing your secured pfx file: 1. Using a Windows 2012/2012R2 Server or Windows 8/8.1/10 workstation, with Control Panel still open type "certificate" 2. Import your certificate making sure to mark it as exportable. 3. Right click on the certificate that was just imported and choose Export 4. Mark "Yes, export the private key", click Next until you reach the Security screen 5. Check the "Group or user names", this will automatically input the user you're using. Remove that user and click Add, then add the Emby user created in Step 1 in the above section. Click Next 6. Give it a filename, I would HIGHLY recommend you do NOT name it the same as your original cert/pfx file since this will be used for this situation only. Click Next, then Finish 7. Once the two things above are done then assign the key as you would normally in Emby - Advanced/Custom certificate path Finally, reboot the server/workstation. This isn't 100% needed, but I like to do it to verify everything works correctly. If you don't do this then make sure to go back into Services and start or restart the Emby Server service. Another suggestion, but not needed for this to work, is to have the certificate saved in a folder by itself (C:\Windows\EmbyCert or some other generic spot). Then edit that folders security settings removing all users except for the Emby account you created. Assign that Emby account with Read access. There you go, Emby is now using your SSL certificate, and you don't have a certificate/private key combo sitting on your machine with no protection on it. Edited to correct some grammatical and spelling errors.