looking111 8 Posted July 25, 2021 Share Posted July 25, 2021 Hello all, emby does not use the central certificate store of Ubuntu. I looked at the directory structure of emby and found the following directory: ca-certificates.crt /opt/emby-server/etc/ssl/certs with this file: ca-certificates.crt So I had the idea to simply put my CA in this folder. Unfortunately, the file is ignored. Should my file use a specific name or another extension? If I copy my CA directly into the file ca-certificates.crt, it works. But I suspect that this is not a good idea, as this file is overwritten from time to time during updates. Emby version 4.6.4.0 Very thanks and Best Regards looking111 Link to comment Share on other sites More sharing options...
Q-Droid 641 Posted July 25, 2021 Share Posted July 25, 2021 By your CA do you mean your own self-signed root? What are you trying to accomplish? I'd like to understand why you want Emby to have access to and use your CA. Link to comment Share on other sites More sharing options...
looking111 8 Posted July 25, 2021 Author Share Posted July 25, 2021 9 minutes ago, Q-Droid said: By your CA do you mean your own self-signed root? Yes. 10 minutes ago, Q-Droid said: What are you trying to accomplish? I'd like to understand why you want Emby to have access to and use your CA. The central firewall does an deep ssl package inspection. So it is required for emby using the internet. Link to comment Share on other sites More sharing options...
Q-Droid 641 Posted July 25, 2021 Share Posted July 25, 2021 I've never gotten an answer to which CA bundle Emby uses, host or its own. If you get one then we'll all know. Until then you might have to add it to the Emby bundle for TLS inspection. Link to comment Share on other sites More sharing options...
Luke 37058 Posted July 30, 2021 Share Posted July 30, 2021 On 7/25/2021 at 5:46 PM, Q-Droid said: I've never gotten an answer to which CA bundle Emby uses, host or its own. If you get one then we'll all know. Until then you might have to add it to the Emby bundle for TLS inspection. We are using the following bundle: https://curl.haxx.se/ca/cacert.pem We've gradually moved platforms to this bundle as we've found an issue with the system certificates, but some, like asustor, qnap (non-mono) and synology (non-mono) are still using the system ones. 2 Link to comment Share on other sites More sharing options...
Q-Droid 641 Posted July 30, 2021 Share Posted July 30, 2021 17 minutes ago, Luke said: We are using the following bundle: https://curl.haxx.se/ca/cacert.pem We've gradually moved platforms to this bundle as we've found an issue with the system certificates, but some, like asustor, qnap (non-mono) and synology (non-mono) are still using the system ones. Thanks, this helps. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now