NME312 0 Posted September 9, 2020 Share Posted September 9, 2020 I have a question about remote clients connecting to my local emby server. I have set up port forwarding on my pfsense firewall to my emby server. I have checked the rule and confirmed the ports are open and accepting request. Running the test from pfsense also shows the ports on the emby server as being responsive and open. I can hit the url from the outside and confirm that ssl cert is poplutated and working. When I got to link the emby server to the web client or mobile client, I receive the connection failure message. This was all working, but it seems one i changed the port from the default 8096 to a secure port. It will not connect successfully. Has anyone any insight or resolutions to this kind of issue? Also on the Emby dashboard, it shows the remote wan access port as 8096, even though I have it configured as a different port number. The default http is 8096, but i have changed the https public port. Is there something Im missing? Do I need to do some type of redirection or change a configuration file in the Emby server itself? Any help would be much appreciated. Link to comment Share on other sites More sharing options...
Luke 37065 Posted September 9, 2020 Share Posted September 9, 2020 Hi there, what kind of SSL cert are you using? Link to comment Share on other sites More sharing options...
rbjtech 4265 Posted September 9, 2020 Share Posted September 9, 2020 (edited) 8 hours ago, NME312 said: Do I need to do some type of redirection or change a configuration file in the Emby server itself? Yes - have a look at the SSL guides - but in summary, under 'Network' - you need to point emby to your SSL Cert and provide the Cert password you used to create it. Then restart emby. Unless you do this, the security chain for SSL is not complete and emby will not use SSL... Once you get a WAN IP (or FQDN) using the SSL Port you specified (8920 is default) shown in the dashboard - then you should be good to go. Edited September 9, 2020 by rbjtech Link to comment Share on other sites More sharing options...
NME312 0 Posted September 9, 2020 Author Share Posted September 9, 2020 6 hours ago, Luke said: Hi there, what kind of SSL cert are you using? SSL Cert Link to comment Share on other sites More sharing options...
Luke 37065 Posted September 10, 2020 Share Posted September 10, 2020 14 hours ago, NME312 said: SSL Cert From where? Link to comment Share on other sites More sharing options...
NME312 0 Posted September 10, 2020 Author Share Posted September 10, 2020 (edited) its a free cert service zerossl. Edited September 10, 2020 by NME312 Link to comment Share on other sites More sharing options...
rbjtech 4265 Posted September 10, 2020 Share Posted September 10, 2020 it's a lets encrypt cert - this used to be ssl4free. @NME312 - did you see my post above ? Have you correctly converted and imported the cert into emby ? Link to comment Share on other sites More sharing options...
NME312 0 Posted September 10, 2020 Author Share Posted September 10, 2020 (edited) @rbjtech yes, i see your post. Is there any issues with using a free cert? Im not oppose to purchasing one. Just figured, I would use a free one to test out the capabilities. If was able to load the cert with the private key. It took the cert and everything, but the dashboard never shown that it was using the 8920 port. Edited September 10, 2020 by NME312 Link to comment Share on other sites More sharing options...
rbjtech 4265 Posted September 10, 2020 Share Posted September 10, 2020 Hiya - no issues with a free Cert at all - Lets-Encypt are a widely approved CA - that's what I use as do millions of other web sites. The issue I think may be in your config of the cert - ie is it a PKCS#12 type cert (.pfx in Windows) and when creating the private key, did you use a password ? Windows has a built in utility to check the cert - once you enter the cert password, it should show something like this - C:\Users\Richard>certutil "C:\Emby-Server\emby.XXX.XXX.pfx" Enter PFX password: ================ Certificate 0 ================ ================ Begin Nesting Level 1 ================ Element 0: Serial Number: ***** Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US NotBefore: 14/07/2020 18:18 NotAfter: 12/10/2020 18:18 Subject: CN=*** < your FQDN - this MUST be the same FQDN you use on the emby server in the domain field. Non-root Certificate Cert Hash(sha1): ***** ---------------- End Nesting Level 1 ---------------- Provider = Microsoft RSA SChannel Cryptographic ProviderEncryption test passed ================ Certificate 1 ================ There are a couple of guides on this in detail - https://support.emby.media/support/solutions/articles/44001160086-secure-your-server Link to comment Share on other sites More sharing options...
NME312 0 Posted September 10, 2020 Author Share Posted September 10, 2020 Maybe that is part of my issue, I ran the command you instructed (thank you, just learned something new!). It did not prompt me for a password? I did create a password when creating the cert in IIS. The Output shows Certs 0, 1, 2. Cert 2 shows that the issuer is zerossl, has the FQDN, but shows the encryption test failed! Maybe, I need to create a whole new cert all together? Link to comment Share on other sites More sharing options...
Carlo 4330 Posted September 20, 2020 Share Posted September 20, 2020 On 9/10/2020 at 11:28 AM, NME312 said: Maybe that is part of my issue, I ran the command you instructed (thank you, just learned something new!). It did not prompt me for a password? I did create a password when creating the cert in IIS. The Output shows Certs 0, 1, 2. Cert 2 shows that the issuer is zerossl, has the FQDN, but shows the encryption test failed! Maybe, I need to create a whole new cert all together? Have you got this fixed up yet or are you still stuck? Link to comment Share on other sites More sharing options...
NME312 0 Posted September 20, 2020 Author Share Posted September 20, 2020 (edited) Still stuck unfortunately. I tried exporting the cert again, readding the private key and same thing. My port forwarding rule works on the Firewall. So it definitely a cert issue, seems to me. I basically am unable to connect externally. If I allow connections from http, works fine, but once I Force https connections, no go This where I’m stuck, do you have any recommendations? Edited September 20, 2020 by NME312 Link to comment Share on other sites More sharing options...
NME312 0 Posted September 20, 2020 Author Share Posted September 20, 2020 Added Link to comment Share on other sites More sharing options...
Carlo 4330 Posted September 20, 2020 Share Posted September 20, 2020 If you want to install Teamviewer from www.teamviewer.com I can give you a hand remotely getting this generated. Install it, then PM me the userid and one-time use password and I'll remote in and open chat. Link to comment Share on other sites More sharing options...
NME312 0 Posted September 22, 2020 Author Share Posted September 22, 2020 (edited) @cayars if you have availability today, we can work on this. Are you a emby support specialists? Edited September 22, 2020 by NME312 Link to comment Share on other sites More sharing options...
Carlo 4330 Posted September 22, 2020 Share Posted September 22, 2020 We can try but I'm not a pfsense user so... Install TeamViewer from www.teamviewer.com and install it. Private Message me your UserID and one-time Passcode that shows up on launch. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now