Jump to content

secure public connection to emby server


Guest petwri
 Share

Recommended Posts

Guest petwri

Hi there,

 

I am trying to access my Emby server from the "outside" world. To do so, I have configured the public port on my emby server instance as 8920 and left the field for the server-cert blank, hoping emby would provide its own. I did forward the port in my router. But sadly, nothing works. My browser keeps loading forever. Doing the same for the standard http-port, 8096, works like charm, however, unencrypted.

 

I am completely new to the whole SSL thing via http, is there anything else to do, or is there a tutorial on how to get my emby server public? Thanks!

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...
thefirstofthe300

I did use the https of course. But then Chrome gives me a privacy error.

 

That privacy error is the expected Chrome behavior.  Emby provides a self-signed certificate.  I am a bit fuzzy on details but it goes something like this: Chrome only ships with keys for the major CA authorities (Comodo SSL, Let's Encrypt's CA, and a bunch of others) by default.  Since your cert is not signed using one of those keys, Chrome can't say for sure that the cert being used is secure; hence the privacy error.  If you don't want a privacy error to show up in Chrome, you can either import you cert into Chrome's cert store (will only work on that Chrome instance) or get a cert signed by a CA that Chrome ships by default.  I personally suggest the latter.  You can get a cert for free from Let's Encrypt or StartSSL or you can buy a cert.

Link to comment
Share on other sites

Guest petwri

That privacy error is the expected Chrome behavior.  Emby provides a self-signed certificate.  I am a bit fuzzy on details but it goes something like this: Chrome only ships with keys for the major CA authorities (Comodo SSL, Let's Encrypt's CA, and a bunch of others) by default.  Since your cert is not signed using one of those keys, Chrome can't say for sure that the cert being used is secure; hence the privacy error.  If you don't want a privacy error to show up in Chrome, you can either import you cert into Chrome's cert store (will only work on that Chrome instance) or get a cert signed by a CA that Chrome ships by default.  I personally suggest the latter.  You can get a cert for free from Let's Encrypt or StartSSL or you can buy a cert.

Thanks for the info, that's what I thought. Is there any tutorial on how to use let's encrypt with emby? Only found some for running an apache server.

Link to comment
Share on other sites

  • 2 weeks later...
Banjo

weather or not your certificate is singed or not has no true security aspects of it. all that matter is how the selfsinged you made is created, TLS,SSL,2048 or 4096bit +++ . 

 

That is really not the case.  Signing has no effect on the cryptographic strength of the connection but it does impact security.  Let's say that you're using wifi in a cafe and someone has hijacked the access point.  With self-signed certs, they can man-in-the-middle your connection and neither your server nor client would be any the wiser.

 

Using a signed cert, you can know whether the connection is direct to the server or broken in the middle and the browser will warn you in this case.  

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...