Jacques 0 Posted February 16, 2021 Posted February 16, 2021 Hi, Recently I have been struggling to connect to Emby outside of my network. I originally thought it was my router however I have just checked and Emby is reporting my SSL port is 8096 however my public HTTPS port is set to 8920. Nothing that I am aware of has changed as I have a two year SSL certificate so haven't touched it for the last few months. I have attached my logs. What would be causing Emby to report using 8096 for both HTTP and HTTPS? embyserver.txt
Luke 42079 Posted February 16, 2021 Posted February 16, 2021 Hi, https does not default to 8096. Why do you think that it does?
rbjtech 5284 Posted February 16, 2021 Posted February 16, 2021 (edited) Emby cannot read your pfx/cert for some reason - this is why https is not working for you. 2021-02-16 16:01:44.502 Error App: Error loading cert from C:\ssl\***YOUR_DOMAIN***.pfx *** Error Report *** Version: 4.5.4.0 Command line: C:\Users\Administrator.MICROSERVERGEN8\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp Operating system: Microsoft Windows 10.0.17763 Framework: .NET Core 3.1.9 OS/Process: x64/x64 Runtime: C:/Users/Administrator.MICROSERVERGEN8/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll Processor count: 4 Data path: C:\Users\Administrator.MICROSERVERGEN8\AppData\Roaming\Emby-Server Application path: C:\Users\Administrator.MICROSERVERGEN8\AppData\Roaming\Emby-Server\system Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(Byte[] rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(Byte[] rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(Byte[], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags) Try copying it into the emby root (and tell emby it's new path), or give emby access to the c:\ssl subdirectory perhaps ? edit - removed your domain from the extract... Edited February 16, 2021 by rbjtech 1
Jacques 0 Posted February 16, 2021 Author Posted February 16, 2021 4 minutes ago, Luke said: Hi, https does not default to 8096. Why do you think that it does? Sorry I know it doesn't default to that port. It now uses 8092 and not 8920. I have it set to 8920 in the web UI however on the dashboard page it continues to show port 8092 being used for both http and https.
Jacques 0 Posted February 16, 2021 Author Posted February 16, 2021 19 minutes ago, Luke said: Can you show a screenshot? Thanks. Yes certainly. Please see attached
Luke 42079 Posted February 16, 2021 Posted February 16, 2021 That's the public port value. You must have configured it to be that way.
rbjtech 5284 Posted February 16, 2021 Posted February 16, 2021 (edited) Fix the cert - see my first post ! This setting is also important - if you allow both http and https connections - then it will show both (should be different ports) - so I would set to secure ONLY and then I believe the external option will disappear, because it is not https - because the cert has failed to load. Edited February 16, 2021 by rbjtech 2
Carlo 4561 Posted February 16, 2021 Posted February 16, 2021 Yes agree with @rbjtech you have a cert problem which means you have NO ability to use SSL until that's fixed.
Jacques 0 Posted February 17, 2021 Author Posted February 17, 2021 21 hours ago, rbjtech said: Fix the cert - see my first post ! This setting is also important - if you allow both http and https connections - then it will show both (should be different ports) - so I would set to secure ONLY and then I believe the external option will disappear, because it is not https - because the cert has failed to load. Hello, thanks for your comments. I've done what you suggested, moved the SSL cert to the root of Emby install and I have also made it require SSL connections however this still hasn't fixed the issue and wan is still showing on the dashboard as using port 8096 and not 8920 which is specified in network settings.
Carlo 4561 Posted February 17, 2021 Posted February 17, 2021 Did you check your log to see if it's still generating an error? Chances are you have a bad cert.
rbjtech 5284 Posted February 17, 2021 Posted February 17, 2021 Did you point emby to the new cert location ? Admin|Network|Custom SSL certificate path + any passwords ? It is also worth checking the cert is valid - run this from the command line. C:\>certutil -dump "C:\location_of_your_cert\certname.pfx" Can you cycle the log, restart the emby server and post a new log. We basically need to see if emby is reading/accepting the cert - then we can go on from there.
Jacques 0 Posted February 17, 2021 Author Posted February 17, 2021 Hello, thanks again for the help. Here is the error code from the logs. It is still showing as access denied. I have also attached the CMD output you asked for. 2021-02-17 17:35:28.211 Error App: Error loading cert from C:\Users\Administrator.MICROSERVERGEN8\AppData\Roaming\Emby-Server\media.steventon.co.pfx *** Error Report *** Version: 4.5.4.0 Command line: C:\Users\Administrator.MICROSERVERGEN8\AppData\Roaming\Emby-Server\system\EmbyServer.dll -noautorunwebapp Operating system: Microsoft Windows 10.0.17763 Framework: .NET Core 3.1.9 OS/Process: x64/x64 Runtime: C:/Users/Administrator.MICROSERVERGEN8/AppData/Roaming/Emby-Server/system/System.Private.CoreLib.dll Processor count: 4 Data path: C:\Users\Administrator.MICROSERVERGEN8\AppData\Roaming\Emby-Server Application path: C:\Users\Administrator.MICROSERVERGEN8\AppData\Roaming\Emby-Server\system Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied. at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(Byte[] rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(Byte[] rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Emby.Server.Implementations.ApplicationHost.GetCertificate(CertificateInfo info) Source: System.Security.Cryptography.X509Certificates TargetSite: Internal.Cryptography.Pal.Native.SafeCertContextHandle FilterPFXStore(Byte[], Microsoft.Win32.SafeHandles.SafePasswordHandle, Internal.Cryptography.Pal.Native.PfxCertStoreFlags)
rbjtech 5284 Posted February 17, 2021 Posted February 17, 2021 (edited) Something is wrong with your Cert - as the Encryption test FAILED. The fact you have got the info from it, means you are using the correct password in certutil. All I can suggest is re-creating it (if you are able to) and try again - this is likely why emby is rejecting it and thus emby is not working for you in SSL mode. You need certutil to say "Encryption test passed" Edited February 17, 2021 by rbjtech
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now