PKCS12 vs. Intern Proxy Synology

[Seger 115]

 

Hello all,

I keep reading that users are concerned with the PKCS12 file and that it always comes down to either buying the file or manually copying it somewhere. Surely it should be possible to automatically copy the cert/priv. files from the server somewhere, as the files are located within the synology? Furthermore, I wonder why the path to the default certificate cannot be selected directly within the synology, as this should also be possible within Emby, right? Is it not possible to run some commands with openssl to generate the file? As you can see, I have a lot of questions, but really only for the reason that I am using the internal proxy of Synology today and have been doing so for several years. I've also been told that the proxy doesn't work properly within Synology, but fortunately I can't find that at all. On the contrary, with the proxy and the automatic updating of the Synology certificate, I have absolutely no maintenance and only one port 443 open to the outside world. I am really interested in understanding what I can't do with my solution today, moreover, I would be happy if someone could share with me a tutorial that I can run it just like before without any effort.

Many greetings

Seger

 

[Seger 115]

https://mariushosting.com/synology-how-to-allow-emby-to-work-over-an-https-connection/

[Luke 38342]

On 12/30/2022 at 9:13 PM, Seger said:

https://mariushosting.com/synology-how-to-allow-emby-to-work-over-an-https-connection/

Hi, did you try this?

[Seger 115]

@LukeI have not only tried it out, but I have set up my device like this for 4 years and everything runs automatically and cleanly, so I don't understand why you go to all this trouble and at the same time question whether I am overlooking something that I should do differently. I've already had a conversation about it, but I couldn't understand the disadvantages and that's why I wanted to discuss it again calmly.

[Luke 38342]

I don't see anything specifically wrong with this setup. The only question is the same question for any https setup - will your devices accept the certificate because some are pickier than others. It sounds like yours do so I think your solution is fine.