ziomario, posted February 18 (edited):

Hello to everyone. I'm trying to configure Emby for https, following this tutorial: https://www.adamintech.com/how-to-configure-emby-for-https/

Unfortunately, after having carefully followed all the instructions found in the tutorial, as well as some different variants, it ended up with the error that you see in the title. I've attached the pictures that show how I have configured the Emby network settings as suggested. Can someone help me find what's wrong, please? Thanks.

PS: I have opened port 8920 on my router.

Lessaj, posted February 18:

Your p12 is in the /root directory, are you running emby as root? If not, does the emby user have access to this file? You should probably put the certificate file within the emby directory at a location that makes sense to you, such as /var/lib/emby/config/ssl for example.

It also looks like you're still trying to use the HTTP port, but the browser screenshot isn't complete to show if you were trying to access http or https on 8096. You may want to use the local server name or IP rather than the domain name to ensure https is working locally before you try to do anything externally. You'll get a certificate error if there is no SAN for that address, but it would at least indicate that SSL is properly configured.

ziomario, posted February 18:

OK, I've copied the emby.p12 file to /var/lib/emby/config/ssl but it still does not connect using port 8920. In the log I see this error message:

    Error App: Error loading cert from /var/lib/emby/config/ssl/emby.p12
    *** Error Report ***
    Version: 4.8.1.0

ziomario, posted February 18 (edited):

Reading from this thread, it seems that I should do a:

    chmod 644 /var/lib/emby/config/ssl/emby.p12

Well, I did it, but the error is still there.

ziomario, posted February 18:

This is the full log:

    Error App: Error loading cert from /var/lib/emby/config/ssl/emby.p12
    *** Error Report ***
    Version: 4.8.1.0
    Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_armhf.deb
    Operating system: Linux version 5.4.261-iommu-dma-on-xen (root@devuan-bunsen) (gcc version 12.2.0 (Debian 12.2.0-14)) #8 SMP Tue Jan 9 21:33:13 UTC 2024
    Framework: .NET 6.0.25
    OS/Process: arm/arm
    Runtime: opt/emby-server/system/System.Private.CoreLib.dll
    Processor count: 2
    Data path: /var/lib/emby
    Application path: /opt/emby-server/system
    System.Security.Cryptography.CryptographicException: System.Security.Cryptography.CryptographicException: The certificate data cannot be read with the provided password, the password may be incorrect.
     ---> System.Security.Cryptography.CryptographicException: The certificate data cannot be read with the provided password, the password may be incorrect.
       at Internal.Cryptography.Pal.UnixPkcs12Reader.VerifyAndDecrypt(ReadOnlySpan`1 password, ReadOnlyMemory`1 authSafeContents)
       at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(SafePasswordHandle password, Boolean ephemeralSpecified)
       --- End of inner exception stack trace ---
       at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(SafePasswordHandle password, Boolean ephemeralSpecified)
       at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(ReadOnlySpan`1 rawData, OpenSslPkcs12Reader pfx, SafePasswordHandle password, Boolean single, Boolean ephemeralSpecified, Boolean readingFromFile, ICertificatePal& readPal, List`1& readCerts)
       at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(ReadOnlySpan`1 rawData, SafePasswordHandle password, Boolean single, Boolean ephemeralSpecified, Boolean readingFromFile, ICertificatePal& readPal, List`1& readCerts, Exception& openSslException)
       at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
       at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
       at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
       at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info)
    Source: System.Security.Cryptography.X509Certificates
    TargetSite: Void Decrypt(Microsoft.Win32.SafeHandles.SafePasswordHandle, Boolean)
    InnerException: System.Security.Cryptography.CryptographicException: The certificate data cannot be read with the provided password, the password may be incorrect.
    Source: System.Security.Cryptography.X509Certificates
    TargetSite: Void VerifyAndDecrypt(System.ReadOnlySpan`1[System.Char], System.ReadOnlyMemory`1[System.Byte])
       at Internal.Cryptography.Pal.UnixPkcs12Reader.VerifyAndDecrypt(ReadOnlySpan`1 password, ReadOnlyMemory`1 authSafeContents)
       at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(SafePasswordHandle password, Boolean ephemeralSpecified)

Happy2Play, posted February 18:

Are you positive the password is correct?

    The certificate data cannot be read with the provided password, the password may be incorrect.

Lessaj, posted February 18:

Did you set a password when creating the p12? You left that field blank in the configuration page. Try to read the p12 with openssl.

    openssl pkcs12 -info -in /var/lib/emby/config/ssl/emby.p12

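Added example (not part of the original posts and not Emby's own code): a shell check that separates the failure causes raised so far in this thread, namely a missing file, a file the current user cannot read, and a password that does not open the PKCS#12 file. The helper names, the CN and the sample password are constructed for illustration; the last helper reports whether group or others have any permission on the p12, which holds the private key.

```shell
#!/bin/sh
# Added example: triage a PKCS#12 file that a server refuses to load.
# Helper names, CN and sample password are constructed for illustration.

# check_p12 FILE PASSWORD -> 0 ok, 2 missing, 3 unreadable, 4 password rejected
check_p12() {
    file=$1; pass=$2
    [ -e "$file" ] || return 2
    [ -r "$file" ] || return 3      # run as the service user to test its access
    # -noout verifies the MAC and decrypts without printing key material;
    # env: keeps the password out of the process list.
    P12_PASS="$pass" openssl pkcs12 -in "$file" -noout \
        -passin env:P12_PASS >/dev/null 2>&1 || return 4
    return 0
}

# p12_is_private FILE -> 0 only if group and others have no permission bits
p12_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# make_sample_p12 DIR PASSWORD: throwaway self-signed cert bundled as DIR/emby.p12
make_sample_p12() {
    dir=$1; pass=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=emby.example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1
    P12_PASS="$pass" openssl pkcs12 -export -inkey "$dir/key.pem" \
        -in "$dir/cert.pem" -out "$dir/emby.p12" \
        -passout env:P12_PASS >/dev/null 2>&1 || return 1
    chmod 600 "$dir/emby.p12"
}

# Demo on constructed input: right password, then a blank one.
tmp=$(mktemp -d)
make_sample_p12 "$tmp" 'constructed-pass' || echo "openssl not available"
check_p12 "$tmp/emby.p12" 'constructed-pass' && echo "password accepted"
check_p12 "$tmp/emby.p12" '' || echo "blank password rejected, rc=$?"
rm -rf "$tmp"
```

Return code 4 with a blank password against a password-protected file corresponds to the CryptographicException in the log above.
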
ziomario, posted February 19 (edited):

Now it says:

    ziomario.ns0.it:8920 uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

Lessaj, posted February 19 (edited):

Okay, so that should mean that now your SSL is working at least. If you don't have any options to proceed anyway and you want your browser to trust it, you'll have to import the certificate (the PEM certificate created before the p12). I don't use Firefox but there's a certificate manager; you can either add it as an authority, or probably adding an exception under servers might work too. By the way, your port forwarding is working as well.

ziomario, posted February 19 (edited):

I can't ask my friends to add the certificate in their browser because they don't even know what a browser is. I would find it more useful to understand how to add an exception on the Emby server. Can you explain how to do this?

Lessaj, posted February 19:

You don't add the exception in the server, it's all done from the client browser. If you want a certificate that's already trusted by devices, you could get one using certbot or acme.sh. You'd likely want to do this in order for client apps to work (like on Android, iOS, etc.) because browsers can bypass it but client apps might not be able to.

jaycedk, posted February 19:

Self-signed certificates should not be used anymore. Browsers see them as insecure, and some systems flat out reject them. It's better to bite the bullet and buy a real certificate, or use certbot with a reverse proxy that can automate the process.

ziomario, posted February 19 (edited):

I need a detailed tutorial that explains how to perform the whole procedure.

Luke, posted February 20:

Have you considered DigiCert?

ziomario, posted February 20 (edited):

I don't know what differences there are between digicert, certbot and acme. I'm not experienced in this area. But what matters more for me is to find a detailed tutorial that explains how to perform the whole procedure. By myself I'm not able to find the right tutorial. For sure, I can find one of the many tutorials that are on the internet, but I'm not sure if the chosen one will fit with Emby.

Luke, posted February 20:

4 minutes ago, ziomario said:

> I don't know what differences there are between digicert, certbot and acme. I'm not experienced in this area. But what matters more for me is to find a detailed tutorial that explains how to perform the whole procedure. By myself I'm not able to find the right tutorial. For sure, I can find one of the many tutorials that are on the internet, but I'm not sure if the chosen one will fit with Emby.

Have you taken a look at this?

ziomario, posted February 20:

It's not good for me. As you can read below, the client is written only for Windows:

    Win32/Win64 Portable SSL Certificates client for Let's Encrypt / Buypass / other ACME-compatible CAs and servers (with ACME v2/v1, Wildcards and External Account Binding support)

but I'm on arm 32 bit.