Tiberius 0 Posted April 12, 2024 Posted April 12, 2024 after updating my pkcs12 cert and the required restart - emby is no longer using https nor the 8920 port - and I have confirmed all settings - only change was the reference to the new SSL cert... this is interfering with remote connections via the TV app I use from work... can't even load page any more - gives an ERR_CONNECTION_REFUSED - port forwards are properly in place.. literally the only change made to anything was the cert update... thoughts?
Abobader 3464 Posted April 12, 2024 Posted April 12, 2024 Hello Tiberius, ** This is an auto reply ** Please wait for someone from staff support or our members to reply to you. It's recommended to provide more info, as it explain in this thread: Thank you. Emby Team
Lessaj 467 Posted April 12, 2024 Posted April 12, 2024 Probably a password error, post your server log. 1
Tiberius 0 Posted April 13, 2024 Author Posted April 13, 2024 Haven't made any password changes - just updated the SSL PCKS#12 reference and the above image showed http WAN access on 8096 rather than the https on 8920 as it did before... but here's the log embyserver.txt
darkassassin07 652 Posted April 13, 2024 Posted April 13, 2024 (edited) Quote 2024-04-12 20:13:38.786 Error App: Error loading cert from C:\embyserver\programdata\emby2024.pfx *** Error Report *** Version: 4.8.3.0 Command line: C:\embyserver\system\EmbyServer.dll -noautorunwebapp Operating system: Microsoft Windows 10.0.14393 Framework: .NET 6.0.27 OS/Process: x64/x64 Runtime: C:/embyserver/system/System.Private.CoreLib.dll Processor count: 16 Data path: C:\embyserver\programdata Application path: C:\embyserver\system Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags) Yup. Wrong password. Edited April 13, 2024 by darkassassin07
Tiberius 0 Posted April 13, 2024 Author Posted April 13, 2024 Thanks for finding that - so ok - it's the cert password it's erroring on... ok my misunderstanding earlier... so ... if the cert password field is blank in the networking settings... and the cert was created without a password... <null> = <null>, correct?... or does emby require there be a pass and I need to recreate? (apologies for sounding ignorant... only second time I have had to do SSL on emby and don't remember squat from the first go around)
darkassassin07 652 Posted April 13, 2024 Posted April 13, 2024 Shouldn't require one afaik, but I'm not certain. Perhaps you set a password when you didn't intend to? (during pfx creation) You could set one just to be sure you know what it is, and rule out whether you need one or not. Couldn't hurt.
Tiberius 0 Posted April 13, 2024 Author Posted April 13, 2024 worth a shot - I'll create with pass and update
Tiberius 0 Posted April 13, 2024 Author Posted April 13, 2024 (edited) same result still showing http for WAN access on 8096 embyserver (1).txt same network pass error (now that I know where to look).... is that the cert pass it's erroring on? (I only ask because the log only references network pass, not cert.. I know it's in the cert load,, but who knows?... I didn't document the server) Edited April 13, 2024 by Tiberius
darkassassin07 652 Posted April 13, 2024 Posted April 13, 2024 (edited) Yes, that error refers to the password used to encrypt the pfx file. For some reason the password you've given emby doesn't match what the pfx needs. This thread from a few days ago comes to mind; the user had copy+pasted his commands for creating the pfx file and in doing so used different characters than the typical quotation marks. Those characters were included in the password instead of being used to define it. As @Q-Droidnoted there, id use a tool like openssl to view the pfx file and ensure its correct. openssl pkcs12 -in filename.pfx -info -nokeys Edited April 13, 2024 by darkassassin07
Tiberius 0 Posted April 13, 2024 Author Posted April 13, 2024 Thanks.. will do in the am.. early morning for me. Have a good night
Tiberius 0 Posted April 16, 2024 Author Posted April 16, 2024 Apologies for the delay and thanks for the help... I have re-issued the cert with a new key with no pass - created the pcks12 with no pass - and no pass in the settings... and still get the error: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(System.ReadOnlySpan`1[System.Byte], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags)
Happy2Play 9782 Posted April 16, 2024 Posted April 16, 2024 Are you sure you don't have a password applied in Emby on the Network page? Have you tries appling a password to cert and in the UI? But obviously there is a mismatch either in cert or Emby UI to throw the error.
Tiberius 0 Posted April 16, 2024 Author Posted April 16, 2024 Yes - positive on those... password field on Network page is blank, and if you click in the far right of the field, the cursor appears far-left... with no change if you backspace... so no characters I have also tried recreating the original cert - and the resulting conversion to PKCS12 with the same pass at all opportunities to specific a pass - and then the Network settings as well... same result... "Network Password Error" (currently on yet another cert with no passwords at all during creation) I don't get it... I even killed/recreated the Port Forwards... portscans show 8096 open, but 8920 times out (which makes sense given the error)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now