Tiberius 0 Posted April 12 Share Posted April 12 after updating my pkcs12 cert and the required restart - emby is no longer using https nor the 8920 port - and I have confirmed all settings - only change was the reference to the new SSL cert... this is interfering with remote connections via the TV app I use from work... can't even load page any more - gives an ERR_CONNECTION_REFUSED - port forwards are properly in place.. literally the only change made to anything was the cert update... thoughts? Link to comment Share on other sites More sharing options...
Abobader 2960 Posted April 12 Share Posted April 12 Hello Tiberius, ** This is an auto reply ** Please wait for someone from staff support or our members to reply to you. It's recommended to provide more info, as it explain in this thread: Thank you. Emby Team Link to comment Share on other sites More sharing options...
Lessaj 83 Posted April 12 Share Posted April 12 Probably a password error, post your server log. 1 Link to comment Share on other sites More sharing options...
Tiberius 0 Posted April 13 Author Share Posted April 13 Haven't made any password changes - just updated the SSL PCKS#12 reference and the above image showed http WAN access on 8096 rather than the https on 8920 as it did before... but here's the log embyserver.txt Link to comment Share on other sites More sharing options...
darkassassin07 434 Posted April 13 Share Posted April 13 (edited) Quote 2024-04-12 20:13:38.786 Error App: Error loading cert from C:\embyserver\programdata\emby2024.pfx *** Error Report *** Version: 4.8.3.0 Command line: C:\embyserver\system\EmbyServer.dll -noautorunwebapp Operating system: Microsoft Windows 10.0.14393 Framework: .NET 6.0.27 OS/Process: x64/x64 Runtime: C:/embyserver/system/System.Private.CoreLib.dll Processor count: 16 Data path: C:\embyserver\programdata Application path: C:\embyserver\system Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags) Yup. Wrong password. Edited April 13 by darkassassin07 Link to comment Share on other sites More sharing options...
Tiberius 0 Posted April 13 Author Share Posted April 13 Thanks for finding that - so ok - it's the cert password it's erroring on... ok my misunderstanding earlier... so ... if the cert password field is blank in the networking settings... and the cert was created without a password... <null> = <null>, correct?... or does emby require there be a pass and I need to recreate? (apologies for sounding ignorant... only second time I have had to do SSL on emby and don't remember squat from the first go around) Link to comment Share on other sites More sharing options...
darkassassin07 434 Posted April 13 Share Posted April 13 Shouldn't require one afaik, but I'm not certain. Perhaps you set a password when you didn't intend to? (during pfx creation) You could set one just to be sure you know what it is, and rule out whether you need one or not. Couldn't hurt. Link to comment Share on other sites More sharing options...
Tiberius 0 Posted April 13 Author Share Posted April 13 worth a shot - I'll create with pass and update Link to comment Share on other sites More sharing options...
Tiberius 0 Posted April 13 Author Share Posted April 13 (edited) same result still showing http for WAN access on 8096 embyserver (1).txt same network pass error (now that I know where to look).... is that the cert pass it's erroring on? (I only ask because the log only references network pass, not cert.. I know it's in the cert load,, but who knows?... I didn't document the server) Edited April 13 by Tiberius Link to comment Share on other sites More sharing options...
darkassassin07 434 Posted April 13 Share Posted April 13 (edited) Yes, that error refers to the password used to encrypt the pfx file. For some reason the password you've given emby doesn't match what the pfx needs. This thread from a few days ago comes to mind; the user had copy+pasted his commands for creating the pfx file and in doing so used different characters than the typical quotation marks. Those characters were included in the password instead of being used to define it. As @Q-Droidnoted there, id use a tool like openssl to view the pfx file and ensure its correct. openssl pkcs12 -in filename.pfx -info -nokeys Edited April 13 by darkassassin07 Link to comment Share on other sites More sharing options...
Tiberius 0 Posted April 13 Author Share Posted April 13 Thanks.. will do in the am.. early morning for me. Have a good night Link to comment Share on other sites More sharing options...
Luke 37272 Posted April 13 Share Posted April 13 Let us know how you get on. Thanks. Link to comment Share on other sites More sharing options...
Tiberius 0 Posted April 16 Author Share Posted April 16 Apologies for the delay and thanks for the help... I have re-issued the cert with a new key with no pass - created the pcks12 with no pass - and no pass in the settings... and still get the error: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags) Link to comment Share on other sites More sharing options...
Lessaj 83 Posted April 16 Share Posted April 16 Sounds similar to this topic. Link to comment Share on other sites More sharing options...
Happy2Play 8361 Posted April 16 Share Posted April 16 Are you sure you don't have a password applied in Emby on the Network page? Have you tries appling a password to cert and in the UI? But obviously there is a mismatch either in cert or Emby UI to throw the error. Link to comment Share on other sites More sharing options...
Tiberius 0 Posted April 16 Author Share Posted April 16 Yes - positive on those... password field on Network page is blank, and if you click in the far right of the field, the cursor appears far-left... with no change if you backspace... so no characters I have also tried recreating the original cert - and the resulting conversion to PKCS12 with the same pass at all opportunities to specific a pass - and then the Network settings as well... same result... "Network Password Error" (currently on yet another cert with no passwords at all during creation) I don't get it... I even killed/recreated the Port Forwards... portscans show 8096 open, but 8920 times out (which makes sense given the error) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now