Android TV App Manual Server Setup Defaults to "Cancel"

[Luke 37089]

At this point there is still more work for us to do with self signed certs in the TV app.

[BAlGaInTl 279]

Thanks for the support.

 

I'm still poking around, but other than that issue, things have looked really good.

[adam1010 19]

At this point there is still more work for us to do with self signed certs in the TV app.

 

Thanks Luke! I too am using a self-generated certificate (from a self-generated Certificate Authority) and am unable to connect using my Fire TV Emby app.  On the regular Android app it just asks if I want to accept the certificate the first time I connect. I'm guessing you're not able to easily port over this same functionality?

 

If you had to guess, would it be a few weeks or a few months away? (I like to travel with my Fire TV stick and use it hotels, etc so I'd love to get Emby working on it)

[Luke 37089]

@@adam1010, while it is possible to override and allow self-signed certs on android, it is not possible on every platform that we support. For that reason, pursuing trusted certs is going to be our ultimate direction that we want to go in. So based on that I would suggest creating a LetsEncrypt cert rather than waiting on us to expand on in-app overrides.

[adam1010 19]

@@Luke Thanks for the info. Obtaining a Let's Encrypt cert may prove quite difficult for many users. My ISP blocks inbound port 80 so you would have to answer the challenges on port 443 (which I already have port forwarding to another server). I don't believe Let's Encrypt will let you answer challenges on other ports. And my DDNS provider doesn't support adding TXT records to allow for the DNS-based challanges.

 

So for me, every 2-3 months when the Let's Encrypt cert expires, I'll have to temporarily change my port forwarding around (or I'll need to handle the renewal on another machine and sync the certificate to the Emby machine). So it won't be an easy fix in my case (and it would only be necessary to support Fire TV, since all my other apps already handle self-signed certs).

 

I'll work on setting up automated Let's Encrypt support, but I'll keep my fingers crossed for self-signed support on Fire TV in the meantime :-)

[ebr 14917]

If the stores see us with code in our app that is deliberately bypassing these types of things, they will reject the app.  That is because all of this security is supposed to be there to ensure that you are actually connecting to what you think you are and bypassing that could allow some very nefarious behavior on the part of suspect apps.

 

So, using the security system properly is going to be the only true solution across the board.

[adam1010 19]

@@ebr Thanks for the explanation -- that clarifies things a bit.

 

For the Let's Encrypt certs -- have you guys considered hosting a DNS server for Premiere users? You would assign a random subdomain (when enabled) like 987qjwjqwe23.embyserver.tv and have the Emby server keep that subdomain's IP address updated. Then you could use Let's Encrypt DNS based verification (i.e. setting a TXT record on that subdomain) in order to acquire the certificate. The Emby server would be responsible for acquiring and renewing its own certificate, but it would rely on the Emby DNS server to keep a subdomain pointed at it and to allow updating the necessary TXT record.

 

I would imagine that will be the most universal solution, particularly with users that can't keep ports 80/443 open to their Emby server to handle the Let's Encrypt verification/challenges.