
Remote connections no longer working after ssl cert update



Tiberius

image.png.42071195ce259dfc19c959923ce66adc.png

after updating my pkcs12 cert and the required restart - emby is no longer using https nor the 8920 port - and I have confirmed all settings - only change was the reference to the new SSL cert... this is interfering with remote connections via the TV app I use from work... can't even load page any more - gives an ERR_CONNECTION_REFUSED - port forwards are properly in place.. literally the only change made to anything was the cert update...

thoughts?


Hello Tiberius,

** This is an auto reply **

Please wait for someone from staff support or our members to reply to you.

It's recommended to provide more info, as explained in this thread:


Thank you.

Emby Team


Tiberius

Haven't made any password changes - just updated the SSL PKCS#12 reference and the above image showed http WAN access on 8096 rather than the https on 8920 as it did before... but here's the log

embyserver.txt


darkassassin07
Quote

2024-04-12 20:13:38.786 Error App: Error loading cert from C:\embyserver\programdata\emby2024.pfx

 *** Error Report ***

 Version: 4.8.3.0

 Command line: C:\embyserver\system\EmbyServer.dll -noautorunwebapp

 Operating system: Microsoft Windows 10.0.14393

 Framework: .NET 6.0.27

 OS/Process: x64/x64

 Runtime: C:/embyserver/system/System.Private.CoreLib.dll

 Processor count: 16

 Data path: C:\embyserver\programdata

 Application path: C:\embyserver\system

 Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct.

    at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)

    at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)

    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)

    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)

    at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info)

 Source: System.Security.Cryptography.X509Certificates

 TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags)

Yup. Wrong password.


Tiberius

Thanks for finding that - so ok - it's the cert password it's erroring on... ok my misunderstanding earlier... so ... if the cert password field is blank in the networking settings... and the cert was created without a password... <null> = <null>, correct?... or does emby require there be a pass and I need to recreate? (apologies for sounding ignorant... only second time I have had to do SSL on emby and don't remember squat from the first go around)


darkassassin07

Shouldn't require one afaik, but I'm not certain.

Perhaps you set a password when you didn't intend to? (during pfx creation)

You could set one just to be sure you know what it is, and rule out whether you need one or not. Couldn't hurt.


Tiberius

same result

still showing http for WAN access on 8096

embyserver (1).txt

same network pass error (now that I know where to look)....

is that the cert pass it's erroring on? (I only ask because the log only references network pass, not cert.. I know it's in the cert load, but who knows?... I didn't document the server)


darkassassin07

Yes, that error refers to the password used to encrypt the pfx file. For some reason the password you've given emby doesn't match what the pfx needs.

This thread from a few days ago comes to mind; the user had copy+pasted his commands for creating the pfx file and in doing so used different characters than the typical quotation marks. Those characters were included in the password instead of being used to define it.

As @Q-Droid noted there, I'd use a tool like openssl to view the pfx file and ensure it's correct.

openssl pkcs12 -in filename.pfx -info -nokeys

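The check suggested in the post above, as an added example that is not part of the original thread: it tries a few candidate passwords against a PFX with openssl and reports which one actually opens it, including the case where typographic quotes were pasted into the password. The function names, the sample password and the throwaway certificate are constructed for illustration, and the openssl command-line tool is assumed to be on the PATH.

```bash
#!/usr/bin/env bash
# Added example: find out which password really opens a PFX file.
# File names, labels and passwords here are constructed sample values.

# Return 0 if the PFX integrity check (MAC) passes with the given password.
pfx_opens_with() {
    openssl pkcs12 -in "$1" -noout -passin "pass:$2" </dev/null >/dev/null 2>&1
}

# Try each label=password candidate; print the label of the first that works.
pfx_find_password() {
    local pfx="$1" pair
    shift
    for pair in "$@"; do
        if pfx_opens_with "$pfx" "${pair#*=}"; then
            printf '%s\n' "${pair%%=*}"
            return 0
        fi
    done
    printf 'none\n'
    return 1
}

# Build a throwaway self-signed cert and export it to $1/sample.pfx,
# protected with password $2 (may be empty).
make_sample_pfx() {
    local dir="$1" pass="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=emby.example.test' \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$dir/sample.pfx" -passout "pass:$pass" >/dev/null 2>&1
}

# Demo: the export command was pasted with curly quotes, so the quote
# characters became part of the password instead of delimiting it.
demo() {
    local dir rc
    dir=$(mktemp -d) || return 1
    make_sample_pfx "$dir" '“hunter2”' || { rm -rf "$dir"; return 1; }
    pfx_find_password "$dir/sample.pfx" \
        'empty=' 'intended=hunter2' 'with-curly-quotes=“hunter2”'
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

To check a real file, call `pfx_find_password` with its path and the candidates to rule out, for example an empty password and the one entered on Emby's Network page.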

Tiberius

Thanks..  will do in the am.. early morning for me. Have a good night

 

Link to comment
Share on other sites

Let us know how you get on. Thanks.


Tiberius

Apologies for the delay and thanks for the help... I have re-issued the cert with a new key with no pass - created the pkcs12 with no pass - and no pass in the settings... and still get the error:

Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct.
at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info)
Source: System.Security.Cryptography.X509Certificates
TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags)

Happy2Play

Are you sure you don't have a password applied in Emby on the Network page?

Have you tried applying a password to cert and in the UI?  But obviously there is a mismatch either in cert or Emby UI to throw the error.


Tiberius

Yes - positive on those... 
password field on Network page is blank, and if you click in the far right of the field, the cursor appears far-left... with no change if you backspace... so no characters

 

I have also tried recreating the original cert - and the resulting conversion to PKCS12 with the same pass at all opportunities to specify a pass - and then the Network settings as well... same result... "Network Password Error"

(currently on yet another cert with no passwords at all during creation)

I don't get it... I even killed/recreated the Port Forwards... portscans show 8096 open, but 8920 times out (which makes sense given the error)

 
