Comment on How do I securely host Jellyfin? (Part 2)
catloaf@lemm.ee 1 week agoIt sounds like the clients do not have the ability to manually trust a self-signed cert.
Comment on How do I securely host Jellyfin? (Part 2)
catloaf@lemm.ee 1 week agoIt sounds like the clients do not have the ability to manually trust a self-signed cert.
N0x0n@lemmy.ml 1 week ago
I don’t get that… What or where?
I have self-signed SSL certificate and intermediateCA installed on all my devices and works flawlessly with every application that accept those (on android the manifest.XML has to allow user based certificate which is in most cases).
One exception on Android was the use of MPV which doesn’t do that and never will? However, the web player video type from official application works without issues…
I have navidrome, jellyfin, Ironfox, LibreTube, KoReader, Findroid… All work flawlessly with self-signed certs !
The issue here (as said in the second post of his linked jellyfin post) is that them needs a reverse proxy that takes care of the SSL handshake and not jellyfin directly. So OP was missing a lot good information in them’s first post…
catloaf@lemm.ee 1 week ago
If it’s signed by an intermediate CA, then it’s not self-signed.
N0x0n@lemmy.ml 1 week ago
Huh? Yeah it is… It’s a self-signed intermediate CA, signed by a self-signed rootCA.
In my case a miniCA in my lan.
catloaf@lemm.ee 1 week ago
Right. If it’s signed by a CA, it’s not self signed. Self signed means signed by nobody but the server that generated it.
en.wikipedia.org/wiki/Self-signed_certificate
An internal CA whose signing certs you’ve manually installed is still a trusted CA.