requa3r0, posted May 16, 2022 (edited May 16, 2022: more info)

Hi

I have tried to set up SSL for some time now on 2 different android boxes. Both the new Beelink GT King.

The certificate is generated in the new version of termux from f-droid with these guides (tried both). It normally works right out of the box, but not any more.

1: https://www.adamintech.com/how-to-configure-emby-for-https/
2: https://www.ibm.com/docs/en/api-connect/2018.x?topic=overview-generating-self-signed-certificate-using-openssl&fbclid=IwAR1r_i7UZhf30AcCpSd6SvydCuHgad74BG4NiVz7RILDKlFBa60DGMSUDf4

Did something change?

Error:

2022-05-16 20:34:56.657 Error App: Error loading cert from /storage/emulated/0/Download/certs/emby.p12
* Error Report *

I have tried everything, but the certificate will not load and the port does not change to 8920 on WAN.

NB: I have to place the certificate in a location both termux and emby can see. If I run the termux command termux-setup-storage I get access to storage and downloads. But for some reason it's called /Download/certs in Emby. I don't get a failure to locate the file though, so I guess it's just the emulated android sdcard nonsense, and not an issue.

Location in EMBY:

/storage/emulated/0/Download/certs/emby.p12

Cert check in termux:

~/.../downloads/certs $ openssl pkcs12 -in emby.p12 -noout -info
Enter Import Password:
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256

GrimReaper, posted May 16, 2022

AFAIK this still stands:

Luke, posted May 16, 2022

21 minutes ago, GrimReaper said:
> AFAIK this still stands:

That's not true from the server's standpoint. The server can load a self-signed cert, it's just that later the client devices might end up rejecting it. It's up to the server admin to choose an appropriate source of a certificate based on the apps and devices they intend to use.

requa3r0 (author), posted May 16, 2022 (edited May 16, 2022)

It must be an android thing, because I have used self-signed certs for years. And it worked on my last android box I set up?? That is really bad news ;O(

@Luke The emby server does not load the cert. Can it be a bug then? I'm sure the cert is fine. It used to work.

Luke, posted May 16, 2022

5 minutes ago, requa3r0 said:
> It must be an android thing, because I have used self-signed certs for years. And it worked on my last android box I set up?? That is really bad news ;O(
> @Luke The emby server does not load the cert. Can it be a bug then? I'm sure the cert is fine. It used to work.

Try converting to pfx, and/or try putting it underneath the server's program data folder to rule out a file access problem. It's possible the server doesn't have permission to read the directory you've put it in.

requa3r0 (author), posted May 16, 2022

Can anyone see something in the logfile? Some help would be great ;O)

Attachment: embyserver.txt

requa3r0 (author), posted May 16, 2022

It's a bit hard to figure the file system out on android, but I'll give it a try.

Perhaps here: /storage/emulated/0/Android/data/com.emby.embyserver/files/ (new folder called certs)

requa3r0 (author), posted May 16, 2022

No difference.

2022-05-16 22:20:53.312 Error App: Error loading cert from /storage/emulated/0/Android/data/com.emby.embyserver/files/cert/certificate.p12
*** Error Report ***

Luke, posted May 16, 2022

OK, I think tomorrow we'll be releasing the 4.7 release, so you could try that once available in case it might make a difference.

requa3r0 (author), posted May 17, 2022 (edited May 17, 2022)

Thanks for the info @Luke

Just FYI the current beta 4.7.0.4.0 gives the same error.

Can anyone else confirm this issue, or am I making some kind of mistake when generating the self-signed cert? It's worked fine before, and I did not even have any issues with other devices, other than that they give the normal security risk to accept the first time. Even on i-devices.

Here is the full error. It seems that EMBY is: Unable to decode certificate. ---> System.Security.Cryptography.CryptographicException: `MonoBtlsPkcs12.Import` failed.

2022-05-17 18:38:29.454 Error App: Error loading cert from /storage/emulated/0/Download/certs/certificate.p12
*** Error Report ***
Version: 4.7.0.40
Command line: /data/app/com.emby.embyserver-IBkxfj5nmUkA6JTJTBLiZA==/base.apk
Operating system: Android 9 (REL) SDK:P BuildId:PPR1.180610.011 Incremental:20201223 Patch-Level: 2018-08-05
Framework: Mono 6.12.0 (2020-02/c633fe92383) 4.0.50524.0
OS/Process: Arm/Arm
Runtime: mscorlib.dll
Processor count: 6
Data path: /storage/emulated/0/Android/data/com.emby.embyserver/files
Application path: /data/user/0/com.emby.embyserver
Fingerprint: Amlogic/galilei/galilei:9/PPR1.180610.011/20201223:userdebug/test-keys
Model: GTKing - AZW/Amlogic
Hardware: galilei/galilei/amlogic/galilei
SupportedAbis: armeabi-v7a, armeabi
System.Security.Cryptography.CryptographicException: System.Security.Cryptography.CryptographicException: Unable to decode certificate. ---> System.Security.Cryptography.CryptographicException: `MonoBtlsPkcs12.Import` failed.
  at Mono.Btls.MonoBtlsObject.CheckError (System.Boolean ok, System.String callerName) [0x0003b] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.Btls.MonoBtlsObject.CheckError (System.Int32 ret, System.String callerName) [0x00000] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.Btls.MonoBtlsPkcs12.Import (System.Byte[] buffer, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x0002e] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.Btls.X509CertificateImplBtls.ImportPkcs12 (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x0003e] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.Btls.X509CertificateImplBtls..ctor (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00047] in <e3b6ad7501434659b50b5395301b3720>:0
  --- End of inner exception stack trace ---
  at Mono.Btls.X509CertificateImplBtls..ctor (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00076] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.Btls.MonoBtlsProvider.GetNativeCertificate (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags flags) [0x00000] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.Btls.X509PalImplBtls.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00006] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.SystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) [0x00017] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.SystemCertificateProvider.Mono.ISystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) [0x00000] in <e3b6ad7501434659b50b5395301b3720>:0
  at System.Security.Cryptography.X509Certificates.X509Helper.Import (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00005] in <1b39a03c32ec46258a7821e202e0269f>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate..ctor (System.String fileName, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x0003e] in <1b39a03c32ec46258a7821e202e0269f>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate..ctor (System.String fileName, System.String password) [0x00000] in <1b39a03c32ec46258a7821e202e0269f>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor (System.String fileName, System.String password) [0x00000] in <e3b6ad7501434659b50b5395301b3720>:0
  at Emby.Server.Implementations.ApplicationHost.GetCertificate (Emby.Server.Implementations.CertificateInfo info) [0x00041] in <73c23a6fefc04c6dade6e5f84e25315d>:0
Source: System
TargetSite: Void .ctor(Byte[], Microsoft.Win32.SafeHandles.SafePasswordHandle, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags)
InnerException: System.Security.Cryptography.CryptographicException: `MonoBtlsPkcs12.Import` failed.
Source: System
TargetSite: Void CheckError(Boolean, System.String)
  at Mono.Btls.MonoBtlsObject.CheckError (System.Boolean ok, System.String callerName) [0x0003b] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.Btls.MonoBtlsObject.CheckError (System.Int32 ret, System.String callerName) [0x00000] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.Btls.MonoBtlsPkcs12.Import (System.Byte[] buffer, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x0002e] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.Btls.X509CertificateImplBtls.ImportPkcs12 (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x0003e] in <e3b6ad7501434659b50b5395301b3720>:0
  at Mono.Btls.X509CertificateImplBtls..ctor (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00047] in <e3b6ad7501434659b50b5395301b3720>:0

Attachment: embyserver-4.7-beta.txt

Luke, posted May 17, 2022

OK I'm not sure what the issue is. It looks like something related to your certificate. Try converting it to a pfx.

requa3r0 (author), posted May 17, 2022

I tried to generate the cert on a proper debian server and not in the android termux app.

Using this guide: https://www.adamintech.com/how-to-configure-emby-for-https/

Then I moved it here: ~/.../downloads/certs in termux with an scp command:

~ $ scp root@192.168.1.100:/root/Downloads/embycert/emby.p12 emby.p12

Now I can actually not display the cert info in termux anymore, but the cert loads in emby and works just fine, and my emby app on android loads the server fine as well.

Strangely the cert is fine on the debian server, but in termux I get this error.

~/.../certs/emby $ openssl pkcs12 -info -in emby-debian.p12 -nodes
Enter Import Password:
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Error outputting keys and certificates
94642FA6:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

So I guess it's the implementation of openssl in the new version of termux on f-droid that is the culprit.

Oh well, that only took 2 days ;O)

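Added example, not part of any post in this thread: the two `openssl pkcs12 -info` outputs quoted above differ in MAC digest and encryption scheme, and this shell function labels a file's output accordingly. The function name, the profile labels and the re-broken sample text are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): label a PKCS#12 file by the text that
# `openssl pkcs12 -info -noout` prints. On a real file, merge stderr as well:
#   openssl pkcs12 -in emby.p12 -info -noout 2>&1 | classify_p12_info
#
# Prints "<profile> mac=<digest> pbe=<first scheme seen>" where profile is
#   modern : PBES2 (PBKDF2 + AES) and a non-SHA-1 MAC
#   legacy : any pbeWithSHA1And* scheme, or a SHA-1 MAC
classify_p12_info() {
    awk '
        /^MAC:/ { mac = $2; sub(/,$/, "", mac) }
        /Encrypted data:|Shrouded Keybag:/ {
            s = $0
            sub(/^[^:]*: /, "", s)        # drop the bag label
            sub(/, Iteration.*/, "", s)   # drop iteration count and PRF
            if (pbe == "") pbe = s
            if (s ~ /^PBES2/) pbes2 = 1
            if (s ~ /^pbeWithSHA1And/) old = 1
        }
        END {
            if (old || mac == "sha1") profile = "legacy"
            else if (pbes2)           profile = "modern"
            else                      profile = "unknown"
            printf "%s mac=%s pbe=%s\n", profile, mac, pbe
        }'
}

# Constructed samples: the two outputs quoted in the thread, one item per line.
sample_termux() {
cat <<'EOF'
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
EOF
}

sample_debian() {
cat <<'EOF'
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
EOF
}

sample_termux | classify_p12_info
sample_debian | classify_p12_info
```

In this thread the sha256/PBES2 file from termux failed in `MonoBtlsPkcs12.Import`, while the sha1/RC2-40 file from debian loaded in Emby. OpenSSL 3.x keeps RC2 in its legacy provider, so reading such a file there needs `openssl pkcs12 -legacy`.
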
Luke, posted May 18, 2022

Hi, so are you all set now?

requa3r0 (author), posted May 18, 2022

Yes. All I did was to generate the cert on a proper debian server, and then send it to the droidbox to load in EMBY ;O)

I have a few android boxes that I help set up etc. And it's a bit of a pain that you can not reboot the EMBY server properly remotely from the web or just from the app. For maintenance purposes, for example, it requires a reboot if you change certificate etc. But also if you are on the road the emby server seems to hang etc. A reboot feature would be great.

Is it an OS restriction issue, that this is not implemented yet?

Luke, posted May 20, 2022

On 5/18/2022 at 1:24 PM, requa3r0 said:
> Is it an OS restriction issue, that this is not implemented yet?

It's just a little bit more of a challenge on android than it is on other platforms.

Quote:
> But also if you are on the road the emby server seems to hang etc.

Can we please look at an example? Thanks.