Remote Connection Question

[GuyBee 2]

Is it possible to make the server reject remote access if the certs have expired (or do not exist)?
I thought that would be caused by "Secure connection mode" being "Required for all remote connections".. but maybe that just means remote connections have to be over the ssl port?

Thanks

[Luke 42079]

HI, which certificate do you mean?

[GuyBee 2]

The ssl certificate that you use in the network settings in emby.

[Lessaj 467]

It is up to the client to determine if it trusts all aspects of the certificate being presented by the server. A server can present a certificate that is expired, as long as it has a valid certificate and key pairing. If the certificate is expired client apps will not connect, and even the web app depending on your browser settings may not enable you to load the site with an expired certificate. From my understanding if the certificate pair isn't valid (or doesn't exist) then it can't start the HTTPS listener, so it wouldn't listen on that port which would effectively reject traffic.

[GuyBee 2]

Ah so loading through the browser for an expired cert is more to do with the browser(client) than the server? That makes sense.

 

And official emby client apps will not connect if the cert is expired?

 

Thanks for the help!

[Luke 42079]

17 minutes ago, GuyBee said:

And official emby client apps will not connect if the cert is expired?

 

Thanks for the help!

This could vary per platform because http requests are sent using the device's networking layer and so it just depends on how it will handle that situation. But I would expect most to reject it.

[GuyBee 2]

Appreciate the help team. Thanks so much!