looking111 30 Posted February 19, 2019 Posted February 19, 2019 (edited) Hello, for SSL connection i need an client cacert. Fortigate Firewall do an deepinspection of ssl packages. So i get the error by libraryscan: System.Net.Http.HttpRequestException: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. The gloabl certificatestore from Ubuntu will not used from emby. So there must be a place in emby to install an cacert. Thanks a lot Edited February 20, 2019 by looking111
looking111 30 Posted February 19, 2019 Author Posted February 19, 2019 Hi, client certificates for who? For Emby. If i show logs so i would say emby did'nt use ubuntu's default certificatestore. A CA is needed that you can contact sites with https. Here an simple picture that explain it. https://cookbook.fortinet.com/why-you-should-use-ssl-inspection/
Tur0k 148 Posted February 19, 2019 Posted February 19, 2019 If this is for IPS I think you need to install the very on the client endpoints. Sent from my iPhone using Tapatalk
looking111 30 Posted February 19, 2019 Author Posted February 19, 2019 (edited) If this is for IPS I think you need to install the very on the client endpoints. Sent from my iPhone using Tapatalk nearly but yes. You need the very, so the ca certificate on each client in the network to browse https webservices. @@Luke I mean sites like MovieDB or https://api.themoviedb.org .... I have installed the PFX. But i think this is only for emby itself. Edited February 19, 2019 by looking111
Luke 42077 Posted February 19, 2019 Posted February 19, 2019 Under the app dir you'll find: /etc/ssl/certs/ca-certificates.crt I suppose you can much with that but please note, you're in uncharted territory by doing this as we haven't tested this. Thanks.
looking111 30 Posted February 19, 2019 Author Posted February 19, 2019 Under the app dir you'll find: /etc/ssl/certs/ca-certificates.crt I suppose you can much with that but please note, you're in uncharted territory by doing this as we haven't tested this. Thanks. Thank you. Yes, the certificate is already included there. I'll do some tests and exlude emby from this Inspectionrule for the first. Maybe it is an other error too.
looking111 30 Posted February 20, 2019 Author Posted February 20, 2019 Ok, i was not able to tell emby to use this CA. So i've done an exclude policies for emby. This way is also ok. Not the nicest, but ok.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now