how do I get emby to generate self-signed certificate?

[pwhodges 1527]

4 hours ago, Bingyyyy said:

shouldn't I get something on the emby server using:

https://127.0.0.1:8920

Certificates are tied to the domain name for which they are issued - not the IP address

Paul

[Bingie 99]

Watching emby now on my cell phone, finally got it working.

OMG that was painful, I feel like I just gave birth to a web certificate, will name it Lil Demon...

 

[Luke 37051]

On 7/21/2021 at 11:42 AM, cayars said:

Self signed certificates are not supported.

Any certificate used needs to be a legitimate certs so that the device manufactures (out of our control) will recognize the SSL cert and allow the traffic.  With a self signed cert this will fail and get blocked as it should.

Get your own domain and then you can use a free cert from Lets Encrypt or from Cloudflare if you want a CND/proxy in front of your Emby Server.

That's not true from the server's standpoint. The server can load a self-signed cert, it's just that later the client devices might end up rejecting it. It's up to the server admin to choose an appropriate source of a certificate based on the apps and devices they intend to use.

[Carlo 4330]

Server isn't the issue (but can be). The issue is hardware based client devices where the OS itself will reject the cert as not being valid (it should). If self signed certs are allowed to be used then really there isn't much point as man-in-the-middle attacks become a pretty easy way to target those devices.

However, even on the server I don't this this will work 100% of the time as it depends on the hardware the server is running on. A typical PC is one thing but if running on Android, NAS, jail or docker it might be an uphill battle getting it to work.  That's assuming the traffic even makes it from one to another as more and more routers and Internet filters will drop or reject content with improper certs.

But here's the rub and why none of that really matters. Either way you need a domain.  Once you have the domain a legit Free Cert is just a request away. 

It's also likely going to be a lot easier getting a real certificate setup properly than having to hack and change settings to use a self-signed cert.  So based on that alone there isn't much need to even consider a self-signed cert these days.  Unlike a few years ago when a cert could cost you $69-$149 depending on extension it now free.

PS look at the date of the original post. We've since added a lot of new cert handling in the Server itself that didn't exist then. Thanks in part to 9/21 fiasco by Let's Encrypt.

 

[Bingie 99]

I intentionally let the certificate expire.  If anyone does stumble across my open port when it's open (hasn't happened yet), maybe the expired cert will scare them away LOL not really worried about it, they would still have to guess passwords.