pwhodges 1534 Posted July 21, 2021 Share Posted July 21, 2021 4 hours ago, Bingyyyy said: shouldn't I get something on the emby server using: https://127.0.0.1:8920 Certificates are tied to the domain name for which they are issued - not the IP address Paul 1 1 Link to comment Share on other sites More sharing options...
Bingie 99 Posted July 21, 2021 Author Share Posted July 21, 2021 Watching emby now on my cell phone, finally got it working. OMG that was painful, I feel like I just gave birth to a web certificate, will name it Lil Demon... 2 Link to comment Share on other sites More sharing options...
Luke 37118 Posted May 16, 2022 Share Posted May 16, 2022 On 7/21/2021 at 11:42 AM, cayars said: Self signed certificates are not supported. Any certificate used needs to be a legitimate certs so that the device manufactures (out of our control) will recognize the SSL cert and allow the traffic. With a self signed cert this will fail and get blocked as it should. Get your own domain and then you can use a free cert from Lets Encrypt or from Cloudflare if you want a CND/proxy in front of your Emby Server. That's not true from the server's standpoint. The server can load a self-signed cert, it's just that later the client devices might end up rejecting it. It's up to the server admin to choose an appropriate source of a certificate based on the apps and devices they intend to use. 1 Link to comment Share on other sites More sharing options...
Carlo 4330 Posted May 16, 2022 Share Posted May 16, 2022 Server isn't the issue (but can be). The issue is hardware based client devices where the OS itself will reject the cert as not being valid (it should). If self signed certs are allowed to be used then really there isn't much point as man-in-the-middle attacks become a pretty easy way to target those devices. However, even on the server I don't this this will work 100% of the time as it depends on the hardware the server is running on. A typical PC is one thing but if running on Android, NAS, jail or docker it might be an uphill battle getting it to work. That's assuming the traffic even makes it from one to another as more and more routers and Internet filters will drop or reject content with improper certs. But here's the rub and why none of that really matters. Either way you need a domain. Once you have the domain a legit Free Cert is just a request away. It's also likely going to be a lot easier getting a real certificate setup properly than having to hack and change settings to use a self-signed cert. So based on that alone there isn't much need to even consider a self-signed cert these days. Unlike a few years ago when a cert could cost you $69-$149 depending on extension it now free. PS look at the date of the original post. We've since added a lot of new cert handling in the Server itself that didn't exist then. Thanks in part to 9/21 fiasco by Let's Encrypt. Link to comment Share on other sites More sharing options...
Bingie 99 Posted May 20, 2022 Author Share Posted May 20, 2022 I intentionally let the certificate expire. If anyone does stumble across my open port when it's open (hasn't happened yet), maybe the expired cert will scare them away LOL not really worried about it, they would still have to guess passwords. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now