Jump to content

HOWTO: create .pfx to use for https


Recommended Posts

Im using Linux Ubuntu 16.04 64 bit and Asustor AS-604T ADM 3.2.1

This requires you do own a domain and have create a Lets Encrypt certificate!

Following ports should be open: 80, 443, 8096 and 8920

1. Login to ADM web interface > Settings > Certificate Manager - Click on Export Certificate.

2. Extract certificate.zip and open the folder certifiate

3. right click in the folder - select open terminal

4. enter the command:
* Please change the name of the give-me-a-name.pfx
* After execution of this command you will be prompted to create a password, this is recommanded!

openssl pkcs12 -export -out give-me-a-name.pfx -inkey ssl.key -in ssl.crt

5. Save the new create give-me-a-name.pfx file on your NAS in a shared folder of own choice

6. go to:

7. Go to Advanced and do the following

Check that Allow remote connection to this Emby Server is marked.
* add external domain name
* Custon ssl certificate path (Click on the magnifier right to the text field and navigate to where the .pfx file is.
* Certificate password - Add the password you entered after execution of step 4.
* Secure connection mode - Set to preferred, but not required.

8. Hit save and navigate to Controlpanel > Restart - Now you should be able to access the Emby Media Server from outside.

Link to post
Share on other sites
  • 4 weeks later...

Just to append what I did to my Asustor + Emby install, where it says above " * add external domain name ", I filled the complete NAS URL which is hostname + domain name. As opposed to what may lead to most to just insert the domain name, again, I inserted the full URL.


One quick note, for all the woes Asustor certainly has in terms of its software, for example, they can't ship a proper working WebDAV service on the NAS (gosh! Directly contacted Asustor as customer and nothing; only silence!), in turn, the Emby server seems to be working right and I'm pleased.

Edited by fgs
Link to post
Share on other sites
  • 1 year later...

Ditto.  Worked for me, thanks!


I'm very new to this, but I assume you'd need to update the pfx file any time the certificate is updated.  That being the case, I modified this a bit to be completely automated and created a cron job that handles the password, too:

0 1 * * * [path to openssl binary]/openssl pkcs12 -export -out [path to certificate]/ssl.pfx -inkey [path to certificate]/ssl.key -in [path to certificate]/ssl.crt -passout pass:[password]

Obviously you need to replace the parts in brackets to match your needs.


This runs the command to create the pfx file at 1:00 AM every morning.


NOTE:  for anyone else running an ASUSTOR, the path to the LE certificate on my machine is:


Your mileage may vary.

  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...