Warzonefury 12 Posted August 15, 2023 Posted August 15, 2023 (edited) Hi ! I wanted to secure my server by activating SSL using this page: https://emby.media/support/articles/Secure-Your-Server.html And of course, I didn't make it... I have an error when I connect to my server via https://xx.xx.xx.xx:8920 My certificate is invalid. It says to me: Unable to verify on the server that it is indeed the domain 82.xxx.xxx.xxx, because its security certificate comes from the domain XXXXXX.fr I have successfully converted my certificate CRT to PSK with this command : openssl pkcs12 -inkey private.key -in certificate.crt -export -out certificate.pfx My domain name was purchased today. I can access my server by its ip address (https://xx.xx.xx.xx:8920) but not by the domain name (https://domain.fr:8920). I followed the guide well but I have trouble understanding or making a mistake somewhere, can someone help me? Thank you Edited August 15, 2023 by Warzonefury
Q-Droid 989 Posted August 15, 2023 Posted August 15, 2023 (edited) Did you look at the next article in the KB? https://emby.media/support/articles/Connectivity.html Your domain needs to resolve to your public IP address. Edited August 15, 2023 by Q-Droid 1
Warzonefury 12 Posted August 15, 2023 Author Posted August 15, 2023 22 minutes ago, Q-Droid said: Your domain needs to resolve to your public IP address. Nice ! That was it ! Is there a way to only have to type the domain name without the port? Type A forwarding from my domain to my IP does not allow writing a port
rbjtech 5284 Posted August 15, 2023 Posted August 15, 2023 5 minutes ago, Warzonefury said: Nice ! That was it ! Is there a way to only have to type the domain name without the port? Type A forwarding from my domain to my IP does not allow writing a port Change the emby listening port to TCP 443, then there is no need to specify a port when using https. 1
MBSki 1114 Posted August 15, 2023 Posted August 15, 2023 2 minutes ago, rbjtech said: Change the emby listening port to TCP 443, then there is no need to specify a port when using https. Does it make it any less secure if the port number is known? 1
rbjtech 5284 Posted August 15, 2023 Posted August 15, 2023 2 minutes ago, MBSki said: Does it make it any less secure if the port number is known? using a known port number just gives away it's emby - ie 8920 or 8096 is 'likely' to be emby. Using 443 - means it's 'unknown' until queried - but the headers will give most things away regardless of port ... 1 2
Q-Droid 989 Posted August 15, 2023 Posted August 15, 2023 You may or may not be able to make Emby listen on port 443 but you can still forward port 443 to 8920 on your router. You also have to be careful with web redirect rules for your domain. Browsers can handle redirects just fine but apps might not be able to follow them and connections may fail. So you can stick with standard 443 at the router or server. Or you can define a subdomain to be used for web redirects while keeping the current domain for apps. 2
Q-Droid 989 Posted August 15, 2023 Posted August 15, 2023 49 minutes ago, MBSki said: Does it make it any less secure if the port number is known? There is no inherent security in port values. Hiding or obscuring the entry point with less well known ports only moves the fruit to another branch. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now