Comment

Comment on How do I securely host Jellyfin? (Part 2)

N0x0n@lemmy.ml ⁨1⁩ ⁨week⁩ ago

I don’t get that… What or where?

I have self-signed SSL certificate and intermediateCA installed on all my devices and works flawlessly with every application that accept those (on android the manifest.XML has to allow user based certificate which is in most cases).

One exception on Android was the use of MPV which doesn’t do that and never will? However, the web player video type from official application works without issues…

I have navidrome, jellyfin, Ironfox, LibreTube, KoReader, Findroid… All work flawlessly with self-signed certs !

The issue here (as said in the second post of his linked jellyfin post) is that them needs a reverse proxy that takes care of the SSL handshake and not jellyfin directly. So OP was missing a lot good information in them’s first post…

source

Sort:hotnew top

catloaf@lemm.ee ⁨1⁩ ⁨week⁩ ago
If it’s signed by an intermediate CA, then it’s not self-signed.

source
- N0x0n@lemmy.ml ⁨1⁩ ⁨week⁩ ago
  Huh? Yeah it is… It’s a self-signed intermediate CA, signed by a self-signed rootCA.
  
  In my case a miniCA in my lan.
  
  source
  - catloaf@lemm.ee ⁨1⁩ ⁨week⁩ ago
    Right. If it’s signed by a CA, it’s not self signed. Self signed means signed by nobody but the server that generated it.
    
    self-signed certificates are public key certificates that are not issued by a certificate authority (CA)
    
    en.wikipedia.org/wiki/Self-signed_certificate
    
    An internal CA whose signing certs you’ve manually installed is still a trusted CA.
    
    source
    N0x0n@lemmy.ml ⁨1⁩ ⁨week⁩ ago
    Ohhhhh ! Sometimes I just need to sh*up !
    
    Thanks for the clarification.
    
    source