Jump to content

SSL for clients


insename

Recommended Posts

insename

Hi everyone.

I just discovered mediabrowser today and I must say that I am impressed. I like how everything is working so far. I set this up on my server just now and everything works like a dream.

I know that ssl has already been requested and the response is that it is in the works but there is no anticipated release date due to higher priorities. 

My request is a smaller one that I hope can be both a temporary solution as well as a first step towards full ssl support.

 

I have set up a reverse proxy with the server so that the web client works perfectly. The problem is that I cannot get any clients to connect to the ssl port. I assume that the clients do not support ssl or self signed certs at the moment.

 

It would be great if the clients can be updated to support ssl and to have a checkbox to allow unsigned certs. I know that this would be a much smaller effort than enabling it on the server as a first step. Let me know what you think.

 

Thanks.

  • Like 1
Link to comment
Share on other sites

insename

Just checking back on this. Any thoughts or plans on enabling ssl and unsigned cert support as an interim solution?

 

I am thinking of droping plex in favor of mediabrowser. I have parallel runs of the servers right now to test. This feature will take plex out of the running.

Edited by insename
Link to comment
Share on other sites

anytime a change involves getting every single app developer together and coordinated, i can promise, it's not quicker and easier :)

 

ssl is a planned feature so we will have it at some point. apart from waiting the only thing you can really do is contribute to the effort, and/or request options in the individual app forums.

Link to comment
Share on other sites

insename

So can I request individual apps? Will it be a problem for the community if apps across different platforms have different feature sets?

 

So am I able to request in the android forums and leave this one as a master request?

I would contribute but I am not a developer.

 

Thanks Luke

Link to comment
Share on other sites

And if anybody would like to contribute, here is our http server:

 

https://github.com/MediaBrowser/SocketHttpListener

 

It is a standalone project that can be used separately in a console app without the use of MBS. So you need to add https support to that library, test it on windows, linux, osx and bsd, and then once that's done MBS will be able to utilize it.

Link to comment
Share on other sites

  • 4 weeks later...
jabbera

So can I request individual apps? Will it be a problem for the community if apps across different platforms have different feature sets?

 

So am I able to request in the android forums and leave this one as a master request?

 

I would contribute but I am not a developer.

 

Thanks Luke

 

This support is in the dev branch, but clients are not updated yet. using the browser should work.

Link to comment
Share on other sites

  • 4 weeks later...

Hi all,

 

Sorry to ask, but I was wondering if anyone knows whether this is now live or not, as I can see the  https port number field and the custom certificate path which I've populated with a self-signed certificate but it seems everytime I navigate to the https URL of my server it fails to load. Is this because the feature is not yet implemented, or am I doing something wrong?

 

I only set this up yesterday, so apologies if it's a silly question...

 

Thank you!

Link to comment
Share on other sites

Beardyname

Hi all,

 

Sorry to ask, but I was wondering if anyone knows whether this is now live or not, as I can see the  https port number field and the custom certificate path which I've populated with a self-signed certificate but it seems everytime I navigate to the https URL of my server it fails to load. Is this because the feature is not yet implemented, or am I doing something wrong?

 

I only set this up yesterday, so apologies if it's a silly question...

 

Thank you!

 

For the web-client this should work, make sure you are allowing the firewall to allow https port. If you are trying this with any other client it will unfortunately fail as of now.

Link to comment
Share on other sites

For the web-client this should work, make sure you are allowing the firewall to allow https port. If you are trying this with any other client it will unfortunately fail as of now.

 

Thanks for the reply Beardyname. I've tried to telnet over the port I'm using (12007) and it seems to go through fine, but if I use a web browser I just get "Connection was interrupted", different to say "Unable to connect" if there was nothing listening (please see screenshots).

 

 

This problem also happens locally on the server (Ubuntu 14.04 LTS x64Bit)

 

My config:

 

54edeb554783e_02.png

 

Any ideas?

 

Thanks

Edited by Glaive
Link to comment
Share on other sites

Beardyname

hmm there was a guide on how to convert the certificate files, although I'm not sure if that was windows specific or not.

 

What happens if you remove the cert path save it, and restart the server. Will it still fail to load? (mine is blank as in the app made one all by itself)

Other than that I don't have a clue, I'm running mine with one created by MBS and that works.

 

also try typing out https specifically as in https://ipgoeshere:12003 (although that should give you another error than what you are currently seeing)

 

*edit* noticed in your earlier reply that you used https so ignore the next to last piece of advice :)

Edited by Beardyname
Link to comment
Share on other sites

I tried uninstalling it completley (after i forced SSL it would not even work on http, checking the server logs under /var/lib/mediabrowser/logs I saw that it was trying to access the https cert that I placed in that path and i had to remove all traces).

 

I have a fresh install, with no cert path or anything and its back to where it was - http only. Telnet to the https port seems to work but it's strange, unlike to http which goes through and the cursor blinks, the connection seems to be automatically dropped after a second of connection on HTTPS. I think this is what the problem is!

 

Out of interest - what OS are you using to host your server?

 

Otherwise, don't worry about it - I'll keep at it :)

 

EDIT: I just tested the same on my Windows machine and it works fine. Seems like a problem with the Linux server. Gonna look into it and update this if I get somewhere incase someone else has the same issues.

Edited by Glaive
Link to comment
Share on other sites

Beardyname

I tried uninstalling it completley (after i forced SSL it would not even work on http, checking the server logs under /var/lib/mediabrowser/logs I saw that it was trying to access the https cert that I placed in that path and i had to remove all traces).

 

I have a fresh install, with no cert path or anything and its back to where it was - http only. Telnet to the https port seems to work but it's strange, unlike to http which goes through and the cursor blinks, the connection seems to be automatically dropped after a second of connection on HTTPS. I think this is what the problem is!

 

Out of interest - what OS are you using to host your server?

 

Otherwise, don't worry about it - I'll keep at it :)

 

EDIT: I just tested the same on my Windows machine and it works fine. Seems like a problem with the Linux server. Gonna look into it and update this if I get somewhere incase someone else has the same issues.

 

God luck :) sorry i could be of no real help, I'm running it on a windows server 2012 box. Will probably move it over to a unix machine in the future!

Link to comment
Share on other sites

bleomycin

I just stumbled on media browser and am very impressed with the software! I'm curious, when using the new HTTPS support via a web browser is all of the data transferred over ssl, including the media playback? Also, are there plans for the IOS app to support SSL as well? I'm extremely pleased to see that you are taking security seriously, there are many people like myself that refuse to use plex due to the lack of ssl across the board.

Link to comment
Share on other sites

Yes, we are committed to it! You guys just have to be a little patient while we get all the client apps updated. Once that happens then we'll have more capabilities like having the ability to require https for all connections, for example.

  • Like 2
Link to comment
Share on other sites

  • 2 weeks later...

EDIT: I just tested the same on my Windows machine and it works fine. Seems like a problem with the Linux server. Gonna look into it and update this if I get somewhere incase someone else has the same issues.

 

Hi,

 

I have exactly the same issue, Ubuntu 14.0.4.2 LTS x64 - MB won't return anything via HTTPS. Either leaving the cert field blank or specifying an existing cert (either generated by MB itself or via openssl) gives a connection interrupted error in Chrome. Looking in the MB logs, I see: 

 

2015-03-08 08:23:36.4932 Error - HttpServer: Exception loading certificate: /var/lib/mediabrowser/ssl/cert_9c31b7884ea54

        *** Error Report ***

        Version: 3.0.5518.7

        Command line: /opt/mediabrowser/MediaBrowser.Server.Mono.exe -programdata /var/lib/mediabrowser

        Operating system: Unix 3.13.0.44

        Processor count: 8

        64-Bit OS: True

        64-Bit Process: True

        Program data path: /var/lib/mediabrowser

        Mono: 3.2.8 (Debian 3.2.8+dfsg-4ubuntu1)

        Application Path: /opt/mediabrowser/MediaBrowser.Server.Mono.exe

        Input data cannot be coded as a valid certificate.

        System.Security.Cryptography.CryptographicException

          at Mono.Security.X509.X509Certificate.Parse (System.Byte[] data) [0x00000] in <filename unknown>:0

          at Mono.Security.X509.X509Certificate..ctor (System.Byte[] data) [0x00000] in <filename unknown>:0

          at System.Security.Cryptography.X509Certificates.X509Certificate2.Import (System.Byte[] rawData, System.String

          at System.Security.Cryptography.X509Certificates.X509Certificate2.Import (System.String fileName, System.Strin

          at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor (System.String fileName) [0x00000] in

          at SocketHttpListener.Net.EndPointListener.LoadCertificateAndKey (System.Net.IPAddress addr, Int32 port, Syste

        InnerException: System.Security.Cryptography.CryptographicException

        Input data cannot be coded as a valid certificate.

          at Mono.Security.X509.X509Certificate.Parse (System.Byte[] data) [0x00000] in <filename unknown>:0

 

Looks like it's a Ubuntu / Linux related issue...

 

Thanks

 

Jon

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...