Tolotos 61 Posted October 29, 2016

Hi, I want to use SSL certificates from startssl.com. Their certificates need the installation of additional root certificates to keep the SSL chain closed. Is this supported by Emby? Simply put all certificates into a folder and configure Emby to use this folder?

-- Tolotos
gstuartj 40 Posted October 31, 2016

I don't use my certs with Emby directly, but you should be able to combine the certificate and the rest of the trust chain into one PFX file with OpenSSL, then you can use that with Emby.

Also make sure your certificate was issued before Oct. 21. WoSign/StartCom/StartSSL have had their trust revoked by Mozilla due to security and transparency issues, so if it was issued in the last week it won't work in Firefox. It remains to be seen if other browsers/OSes will follow suit. More info.
Tolotos 61 Posted October 31, 2016

Thank you. I have currently no certificate - so I don't get one from StartSSL. After your message I ordered one from my domain provider now and pay the ~2€ per month to be on the safe side.

Edit: I now got 3 files from my provider:
- 2 *.pem (the chain files)
- 1 *.crt (the certificate)

Can you tell me how I can create the PFX file? Google doesn't give me the answers I need - maybe I use the wrong search words.

Edited October 31, 2016 by Tolotos
Tolotos 61 Posted October 31, 2016

I got a PFX file by putting all 3 files into one file and executing "openssl pkcs12 -export -in <combined-file> -inkey <key-file> -out <pfx-file>"

After setting up Emby to use this <pfx-file> and a server restart I get

2016-10-31 21:31:05.1293 Info HttpServer: attempting to load pfx: <pfx-file>
2016-10-31 21:31:05.1485 Error HttpServer: Exception loading certificate: <pfx-file>
*** Error Report ***
Version: 3.0.8400.0
Command line: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe -programdata /var/lib/emby-server -restartpath /usr/lib/emby-server/restart.sh
Operating system: Unix 4.4.0.45
Processor count: 12
64-Bit OS: True
64-Bit Process: True
Program data path: /var/lib/emby-server
Mono: 4.6.1 (Stable 4.6.1.5/ef43c15 Fri Oct 28 20:30:39 UTC 2016)
Application Path: /usr/lib/emby-server/bin/MediaBrowser.Server.Mono.exe
Input data cannot be coded as a valid certificate.
System.Security.Cryptography.CryptographicException
  at Mono.Security.X509.X509Certificate.Parse (System.Byte[] data) [0x0035e] in <e220be0b0a364427860ee43376ab6f2b>:0
  at Mono.Security.X509.X509Certificate..ctor (System.Byte[] data) [0x0003e] in <e220be0b0a364427860ee43376ab6f2b>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate2ImplMono.Import (System.Byte[] rawData, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00050] in <59be416de143456b88b9988284f43350>:0
  at System.Security.Cryptography.X509Certificates.X509Helper2.Import (System.Byte[] rawData, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00023] in <59be416de143456b88b9988284f43350>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate2.Import (System.Byte[] rawData, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00000] in <59be416de143456b88b9988284f43350>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate2.Import (System.String fileName, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00007] in <59be416de143456b88b9988284f43350>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor (System.String fileName) [0x00011] in <59be416de143456b88b9988284f43350>:0
  at SocketHttpListener.Net.HttpListener.LoadCertificateAndKey (System.String certificateLocation) [0x0003e] in <33c4fa8b218e4df9a8fbe6eca87be836>:0
InnerException: System.Security.Cryptography.CryptographicException
Input data cannot be coded as a valid certificate.
  at Mono.Security.X509.X509Certificate.Parse (System.Byte[] data) [0x00041] in <e220be0b0a364427860ee43376ab6f2b>:0
gstuartj 40 Posted October 31, 2016

~2€/mo isn't bad. Sometime it may be worth checking out Let's Encrypt, too. It's a little different and takes more setup, but the certificates are free.

To combine all those files into one PFX, what you need to do is first combine the 2 .pem files. You can just open them in a text editor and paste them into a new file named fullchain.pem, starting with the intermediate CA, followed by the root CA.

Then, you'll use this command to export to .PFX:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile fullchain.pem
gstuartj 40 Posted October 31, 2016

> I got a pfx file with putting all 3 files into one file and execute "openssl pkcs12 -export -in <combined-file> -inkey <key-file> -out <pfx-file>" After setup Emby to use this <pfx-file> and a server restart I get ...

Hmm, a combined input file should work, but maybe try specifying the chain separately using -certfile, like in my example. Also try some of the checks on this page to make sure you're getting a valid result.
gstuartj 40 Posted October 31, 2016

Also, be sure you aren't setting a password on the file when you export to PFX.
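The export and the checks suggested in the replies above, as an added example that is not part of the original posts: it builds fullchain.pem in the order described, exports certificate.pfx with an empty password, and confirms the PFX opens without a password, holds the full chain, and carries the key that belongs to the certificate. The throwaway CA chain, the file names intermediate.pem and root.pem, and the function names are assumptions made up for the example.

```shell
#!/bin/sh
# Added example: build a password-less PFX from cert + key + chain, then check it.

# Constructed throwaway chain so the script runs offline; real files come from the CA.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Root CA" \
    -keyout root.key -out root.pem 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate CA" \
    -keyout int.key -out int.csr 2>/dev/null
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -days 2 -out intermediate.pem 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=emby.example.test" \
    -keyout privateKey.key -out leaf.csr 2>/dev/null
  openssl x509 -req -in leaf.csr -CA intermediate.pem -CAkey int.key -CAcreateserial \
    -days 2 -out certificate.crt 2>/dev/null
}

# Chain order as described in the thread: intermediate first, then root.
build_pfx() {
  cat intermediate.pem root.pem > fullchain.pem
  openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key \
    -in certificate.crt -certfile fullchain.pem -passout pass:
}

# Number of certificates readable from the PFX using an empty password.
pfx_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin pass: 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Succeeds only if the private key in PFX $1 belongs to certificate $2.
pfx_key_matches() {
  k=$(openssl pkcs12 -in "$1" -nocerts -nodes -passin pass: 2>/dev/null \
      | openssl pkey -pubout 2>/dev/null)
  c=$(openssl x509 -in "$2" -noout -pubkey)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

work=$(mktemp -d) && cd "$work" || exit 1
make_sample && build_pfx
echo "certificates in PFX: $(pfx_cert_count certificate.pfx)"
pfx_key_matches certificate.pfx certificate.crt && echo "key matches certificate"
```

A count of 0 from pfx_cert_count means the file could not be opened with an empty password, which is the condition the last reply warns about.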
Tolotos 61 Posted October 31, 2016

Thank you. I'll try this as soon as Emby starts again. See https://emby.media/community/index.php?/topic/40917-server-crash-at-startup/&do=findComment&comment=381613

The certificate now works.

Edited October 31, 2016 by Tolotos
gstuartj 40 Posted October 31, 2016

Glad you got it working! I still owe you for the TVHeadend plugin.