2025-01-04, 04:24 AM
(This post was last modified: 2025-01-04, 02:41 PM by Ron (DJR). Edited 3 times in total.)
This is useful for those that don't care about a public DNS domain, or don't want to spend money on one. You can generate a self signed certificate and import it into the Mac keychain so that you can manually trust the cert.
This will not allow external clients to automatically trust your server. This is strictly for those who don't want public access to their servers but prefer to not have to worry about the non-secure warnings from your browsers. Apps may or may not let you use this, depending on whether the app allows self signed certs.
Open "Keychain" on your Mac (use the Siri/Search to find it).
If prompted to open Keychain or Passwords, choose Keychain and input your local Mac password
Click on System in the left Navigation
From the Keychain Access menu in the menubar (top left of your screen), select Certificate Assistant
In the dialog box
Name: DNS name of your Jellyfin server (example: Jellyfin.local )
Identity Type: Self Signed Root
Certificate Type: SSL Server
Click Done
Search for the cert in the search field using a part of the common name you used (example: jellyfin for a search term)
It should find your new cert under the Sytem menu.
Expand the twisty next to your new cert and a sub entry with a "Kind" value of Private Key, should be shown with the same name (jellyfin)
Right click on that private key and select "Export "Jellyfin" (again using my example common name)
Choose the location to save, and for the File Format, select .P12 if it is not already selected
(note the Save As value of the cert. This is the filename you will look for in your save location)
Click SAVE and then provide a password for your cert. Verify the password a second time and click ok.
The cert will be placed in your save location.
Copy that cert into a path on your Mac that the server has access to. I placed mine in a folder under my media share location.
(OPTIONAL: If you created the cert on a Mac this is NOT your jellyfin server, copy it to the Mac in a location as noted in the above step).
Go into the Jellyfin settings under Networking
Under the Server Address Settings, place a check in the "Enable HTTPS"
In the HTTPS Settings section, make sure "Require HTTPS" is NOT checked. You can enable this after you confirm it's working.
In the Custom SSL certificate path, browse to your .P12 certificate (jellyfin.p12 in our example). use the Magnifying glass to browse rather than typing in the path. it should prompt to allow access if it's in a restricted folder.
Input the password you used when creating the certificate above.
Scroll to the very bottom of that settings page and click the SAVE button.
Now from any pc, browse to your servers dns name ( https://jellyfin.local:8920 ). It should warn you that the cert is self signed.
Select the option to examine/show the cert.
Expand the "Trust" twisty and change the default to "Always Trust" and click OK.
Select the options to Continue On to the Website.
It should now load in HTTPS and you can use the https: dns name rather than the old HTTP address. Just remember to change the port number in your HTTPS url to the default ( https://jellyfin.local:8920 ) or if you used a custom port, modify the URL as needed.
This will not allow external clients to automatically trust your server. This is strictly for those who don't want public access to their servers but prefer to not have to worry about the non-secure warnings from your browsers. Apps may or may not let you use this, depending on whether the app allows self signed certs.
Open "Keychain" on your Mac (use the Siri/Search to find it).
If prompted to open Keychain or Passwords, choose Keychain and input your local Mac password
Click on System in the left Navigation
From the Keychain Access menu in the menubar (top left of your screen), select Certificate Assistant
In the dialog box
Name: DNS name of your Jellyfin server (example: Jellyfin.local )
Identity Type: Self Signed Root
Certificate Type: SSL Server
Click Done
Search for the cert in the search field using a part of the common name you used (example: jellyfin for a search term)
It should find your new cert under the Sytem menu.
Expand the twisty next to your new cert and a sub entry with a "Kind" value of Private Key, should be shown with the same name (jellyfin)
Right click on that private key and select "Export "Jellyfin" (again using my example common name)
Choose the location to save, and for the File Format, select .P12 if it is not already selected
(note the Save As value of the cert. This is the filename you will look for in your save location)
Click SAVE and then provide a password for your cert. Verify the password a second time and click ok.
The cert will be placed in your save location.
Copy that cert into a path on your Mac that the server has access to. I placed mine in a folder under my media share location.
(OPTIONAL: If you created the cert on a Mac this is NOT your jellyfin server, copy it to the Mac in a location as noted in the above step).
Go into the Jellyfin settings under Networking
Under the Server Address Settings, place a check in the "Enable HTTPS"
In the HTTPS Settings section, make sure "Require HTTPS" is NOT checked. You can enable this after you confirm it's working.
In the Custom SSL certificate path, browse to your .P12 certificate (jellyfin.p12 in our example). use the Magnifying glass to browse rather than typing in the path. it should prompt to allow access if it's in a restricted folder.
Input the password you used when creating the certificate above.
Scroll to the very bottom of that settings page and click the SAVE button.
Now from any pc, browse to your servers dns name ( https://jellyfin.local:8920 ). It should warn you that the cert is self signed.
Select the option to examine/show the cert.
Expand the "Trust" twisty and change the default to "Always Trust" and click OK.
Select the options to Continue On to the Website.
It should now load in HTTPS and you can use the https: dns name rather than the old HTTP address. Just remember to change the port number in your HTTPS url to the default ( https://jellyfin.local:8920 ) or if you used a custom port, modify the URL as needed.