Jump to content


Photo

Server access

access internet port certificate

Best Answer Cerothen , 18 April 2016 - 08:54 AM

Did you ensure that the certificate you are trying to use with Emby is an unpassworded PFX file?

 

You can use openSSL to convert any certificate (+chain +key) into a pfx file then when it asks for a password just leave it blank.

 

This is the command line I use for my letsencrypt certs:

openssl pkcs12 -export -out hostcert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:

The "-passout pass:" deliberately doesn't have anything after it since it should be blank

Go to the full post


  • Please log in to reply
5 replies to this topic

#1 wolfgang OFFLINE  

wolfgang

    Advanced Member

  • Members
  • 43 posts
  • Local time: 03:07 PM
  • LocationAustria

Posted 18 April 2016 - 08:41 AM

Hi,

 

I really could need some help..

 

I'm hosting a website on my very own server (debian latest). Bought a domain from noip.com, so I can also setup subdomains. For those I also got valid ssl certificates. My self-hosted wordpress site works well this way.

 

Now I want to have access to Emby from "outside".

 

https://blabla.com:8920 gives me NET::ERR_CERT_AUTHORITY_INVALID, most likely because I use my own certificate which doesn't cooperate with Emby!?

 

https://emby.blabla.com would be nice, but how do I do that? Only got subdomains working with Apache. Also it wouldn't solve my problem, right?

 

Trying to use my own certificate in Emby results in "ERR_CONNECTION_CLOSED".

 

Unencrypted http works fine, but obviously I want to avoid that. So, what can I do?


  • Tur0k likes this

#2 Cerothen OFFLINE  

Cerothen

    Advanced Member

  • Members
  • 213 posts
  • Local time: 10:07 AM

Posted 18 April 2016 - 08:54 AM   Best Answer

Did you ensure that the certificate you are trying to use with Emby is an unpassworded PFX file?

 

You can use openSSL to convert any certificate (+chain +key) into a pfx file then when it asks for a password just leave it blank.

 

This is the command line I use for my letsencrypt certs:

openssl pkcs12 -export -out hostcert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:

The "-passout pass:" deliberately doesn't have anything after it since it should be blank


  • wolfgang likes this

#3 wolfgang OFFLINE  

wolfgang

    Advanced Member

  • Members
  • 43 posts
  • Local time: 03:07 PM
  • LocationAustria

Posted 18 April 2016 - 11:29 AM

Thank you for your quick reply. Since I pretty much messed up the cert files on my computer I want to re-download them from auth.startssl.com, but I cannot log in since my browsers tell me the server doesn't respond.. ??

 

On the other hand, I think my startssl.com.p12 file is all what I should need, still it doesn't work..

 

Edit: I redownloaded my certificates and followed your advice (using crt files). Now it works. Thank you a lot!

 

Edit2: Well it works in Chromium, Safari, but not Firefox..

"SEC_ERROR_UNKNOWN_ISSUER"


Edited by wolfgang, 18 April 2016 - 12:33 PM.


#4 wolfgang OFFLINE  

wolfgang

    Advanced Member

  • Members
  • 43 posts
  • Local time: 03:07 PM
  • LocationAustria

Posted 25 April 2016 - 08:02 AM

It kinda works now in Firefox too. Had to create a unified certificate which consists of my very own and a second one from startssl I previously downloaded already. Using this certificate I managed to create the pfx file. It works in Firefox Developer Edition completely fine, also in the Android version. Current Firefox stable gives me an error still, but I can add an exception.

Safari, Chrome (+Chromium-based), IE etc. are fine.

 

Good enough for now, thank you.



#5 H3kt0r OFFLINE  

H3kt0r

    Newbie

  • Members
  • 8 posts
  • Local time: 05:07 PM

Posted 30 April 2016 - 01:49 AM

I too have issues with self-created-SSL-cert

Steps taken:

- created non-password-protected cert > converted it to foo.pfx > configured it to Emby-settings

- configured local ssl-port 8920, domain blahblahblah.net, public ssl-port is 55555, local ip-address to Emby-settings

- [ x ] Report https as external address

- forwarded port 55555 > 8920 in my router

- initiated connection from internet with FF-browser: https://blahblahblah.net:55555 responds but warns about the cert > made security exception > logged in OK

- however Emby Theater Windows-client (Win 7 Pro x64) refuses to see the very same server:

Connection error - We're unable to connect to the selected server. Please ensure its running and try again

 

Is Emby-Theater incompatible with ssl-certs/connections?



#6 hijinx OFFLINE  

hijinx

    Member

  • Members
  • 23 posts
  • Local time: 02:07 PM

Posted 19 May 2016 - 04:53 AM

I just added a CA signed certificate from letsencrypt.

This site is really helpful (note - google translate messes up the commands):

 

http://blog.ouranos..../04/emby-https/

 

Also basic instructions from here:

https://letsencrypt....etting-started/

 

You need to have your own domain e.g. emby.mydomain.com, and have DNS configured to point to emby servers external IP.  (inc use of DDNS service to do this. I use dnsomatic and cloudflare DNS)

You need to have port 443 open on your router and port mapped to your emby servers IP.

(This is because letsencrypt certification issuing process calls back to your server to ensure you own the domain)

git clone https://github.com/certbot/certbot
cd certbot
./certbot-auto certonly --standalone -d emby.domain.com
cd /etc/letsencrypt/live/emby.domain.com
sudo openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out emby.pfx

Note:

1) Because certbot spawns a root owned process, permissions for /etc/letsencrypt dirs have root-only permissions so you may need to adjust permissions)

2) When openssl asks for password pass none (enter)

 

Finally configure emby to use certificate at path /etc/letsencrypt/live/emby.domain.com/emby.pfx

 

letsencrypt certificates are valid for 3 months, so this needs to be repeated every 3 months.


  • acnp77 likes this





Also tagged with one or more of these keywords: access, internet, port, certificate

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users