soloam 3 Posted March 14, 2018 Posted March 14, 2018 (edited) Hello, I wanted I have my emby server running on a server that is accessed by a reverse proxy. This allows me to have multiple domains (other services) under the same IP address. This works great, and I have it running for some time now. Now I would like to enhance the security by adding a required Client Certificate Authentication, so that only authorised personal have access to the server. I configured it on the reverse proxy, and now when I access the server by the Webbrowser (desktop and android) it works, only people that have the certificate installed can communicate with the server. But the app does not work. When I access by the browser it asks me what is the client certificate to use, but in the app I simply can't connect. Is this possible? Or I have some miss configuration? Thank you Edited March 14, 2018 by soloam
Luke 38508 Posted March 14, 2018 Posted March 14, 2018 Hi, I'm afraid we've never tested this requirement in the android app before. Additionally we also configure the http server to not require client certificate validation, so what you're looking for would require server-side changes anyway.
soloam 3 Posted March 15, 2018 Author Posted March 15, 2018 But this works 100% on the browser, on my desktop and my android phone. The problem is the app's, they don't take into account the client certificate authentication. Please note that all this is done on the reverse proxy side, nothing needs to be changed on emby server.
Luke 38508 Posted March 15, 2018 Posted March 15, 2018 Ok I see. This would require in the mobile Android app.
EmbyForEver 0 Posted December 28, 2021 Posted December 28, 2021 Hi I see there is no much activity on this topic, but I would also feel much more comfortable to enable client side certificate support in Emby android App. For instance Chrome is supporting it, you simply have to install client certificate in Android certificate store and then applications can use it. For instance this blog post to see to support this in the Android App. https://chariotsolutions.com/blog/post/https-with-client-certificates-on/ Looks like a relatively contained change that would add great security value!! Any chance this feature request could be considered? Any way we could help? Thx!
Luke 38508 Posted December 28, 2021 Posted December 28, 2021 7 hours ago, EmbyForEver said: Hi I see there is no much activity on this topic, but I would also feel much more comfortable to enable client side certificate support in Emby android App. For instance Chrome is supporting it, you simply have to install client certificate in Android certificate store and then applications can use it. For instance this blog post to see to support this in the Android App. https://chariotsolutions.com/blog/post/https-with-client-certificates-on/ Looks like a relatively contained change that would add great security value!! Any chance this feature request could be considered? Any way we could help? Thx! HI, yes it's possible for the future. Thanks for the feedback.
xxxAyxxx 3 Posted November 25, 2022 Posted November 25, 2022 Hello to all, I'm also interested in supporting MTLS. @LukeIs there a future plan to support it on Clients Apps (Emby Theater & TV App)?
Luke 38508 Posted November 25, 2022 Posted November 25, 2022 5 hours ago, xxxAyxxx said: Hello to all, I'm also interested in supporting MTLS. @LukeIs there a future plan to support it on Clients Apps (Emby Theater & TV App)? That will also depend on platform support, but for the platforms that do support it, yes we can look into it in future updates. Thanks.
MacroMars 0 Posted January 5 Posted January 5 I am in the process of putting some of my services online and would like to secure them with client certificates. Therefore I would also be very interested in this feature :)
Mdaloha77 5 Posted January 21 Posted January 21 (edited) Hello, its 2024, is there any progress in this matter? I as many others using client ssl certs for allowing my users to access my emby. Its working ok In browsers on desktop or android, but emby app doesnt care about internal cert storage. I would like native android app expirience for my android users, instead of forcing them to use chrome. You got all components already in place(android cert storage), just add option in emby client "add server" section to choose from installed certs in phone cert storage. Thats all. Thank you. Edited January 21 by Mdaloha77
Luke 38508 Posted January 21 Posted January 21 4 hours ago, Mdaloha77 said: Hello, its 2024, is there any progress in this matter? I as many others using client ssl certs for allowing my users to access my emby. Its working ok In browsers on desktop or android, but emby app doesnt care about internal cert storage. I would like native android app expirience for my android users, instead of forcing them to use chrome. You got all components already in place(android cert storage), just add option in emby client "add server" section to choose from installed certs in phone cert storage. Thats all. Thank you. Hi there, can you please describe your issue in more detail? Thanks.
Mdaloha77 5 Posted January 22 Posted January 22 Its all about getting the emby android client aware of internal phone certificates and ability of emby client to recognize this when connecting to emby server behind ssl proxy, that it needs to pickup already installed client ssl certificate on phone. Chrome on android support this(firefox no), but both those browser on desktop working with client certs for decades. Its not that exotic as you may think. When browser go to https://abc.de it will recognize, that this web server asking him to send him his ssl client cert to be able make connection aka client handshake. Client Handshake In a client handshake, after the client hello and server hello messages, the server requires the client to present itself with a certificate. The server then verifies it, and encryption takes place through symmetric encryption. https://comodosslstore.com/blog/what-is-ssl-tls-client-authentication-how-does-it-work.html https://cheapsslsecurity.com/p/what-is-ssl-client-certificate-authentication-and-how-does-it-work/
Luke 38508 Posted April 12 Posted April 12 8 hours ago, Mdaloha77 said: Hello, any progress on this feature? Hi, not yet, sorry.
Luke 38508 Posted June 27 Posted June 27 6 hours ago, Mdaloha77 said: Hi, still nothing? Do you still plan this feature? Hi, it's possible for future updates. Thanks.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now