• Login
  • Register
  • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below
  • Forum
  • Website
  • GitHub
  • Status
  • Translation
  • Features
  • Team
  • Rules
  • Help
  • Feeds
User Links
  • Login
  • Register
  • Login Register
    Login
    Username/Email:
    Password:
    Or login with a social network below

    Useful Links Forum Website GitHub Status Translation Features Team Rules Help Feeds
    Jellyfin Forum Support Troubleshooting Networking & Access app Android via HTTPS

     
    • 0 Vote(s) - 0 Average

    app Android via HTTPS

    Jellyfin does not work on Android via HTTPS
    gobanow
    Offline

    Junior Member

    Posts: 6
    Threads: 1
    Joined: 2024 May
    Reputation: 0
    #1
    2024-05-08, 09:42 AM (This post was last modified: 2024-05-08, 09:46 AM by gobanow. Edited 3 times in total.)
    Hi
    I don't use a proxy.
    Jellyfin installed in Docker compose
    Where did I make a mistake?
    Through the browser - it works.
    Through the Android mobile app Jellyfin - no.
    I use OMV 7.0.5-1 (Sandworm)

    Using the instructions for jellyfin, I'm trying to launch it via https.
    Created a self-signed certificate in PKCS 12 format (I use the whole chain - root key, root certificate, intermediate certificate) in the *.pfx file
    Code
    Code:
    openssl pkcs12 -export -out jellyfin.pfx -inkey privkey.pem -in cert.pem -CAfile chain.crt -passout pass:12345678
    where:
    privkey.pem - is the private key of the certificate,
    cert.pem - is a certificate in text format (PEM),
    jellyfin.pfx - is the name of the resulting file,
    chain.crt - is the root and intermediate certificates combined in one file: Root, First intermediate certificate, Second intermediate certificate.
    chain.crt creating:
    Code: chain.crt creating
    Code:
    cat cert.pem intermediate.crt > chain.crt
    privkey.pem and cert.pem creating:
    Code: privkey.pem and cert.pem creating
    Code:
    openssl req -x509 -newkey rsa:4096 -keyout ./privkey.pem -out cert.pem -days 1000 -nodes -subj '/CN=jellyfin.lan'
    intermediate.crt creating:
    Code: I am generating a CSR in the intermediate.csr file


    openssl req            \
      -new                  \
      -key intermediate.key \
      -subj "/CN=TEST Intermediate CA/C=EU/O=TEST Ltd" \
      -out intermediate.csr
    Code: Generating intermediate.crt

    openssl x509          \
      -req                \
      -in intermediate.csr \
      -days 1000          \
      -CA cert.pem        \
      -CAkey privkey.pem  \
      -extfile <(echo -e "basicConstraints=CA:true\nkeyUsage=keyCertSign") \
      -out intermediate.crt

    Through the browser - it works.
    Through the Android mobile app Jellyfin - no.
    writes "it is impossible to access the server".
    neither via IP-address, nor via hostname.
    Almost like the instructions turned out) it's a pity that it's not working yet
    Where did I make a mistake?
    Thanks
    TheDreadPirate
    Offline

    Community Moderator

    Posts: 15,374
    Threads: 10
    Joined: 2023 Jun
    Reputation: 460
    Country:United States
    #2
    2024-05-08, 02:44 PM
    You'd need to add your server cert to your phone's trust store since the Android app has no way to add one locally like the browser does.
    Jellyfin 10.10.7 (Docker)
    Ubuntu 24.04.2 LTS w/HWE
    Intel i3 12100
    Intel Arc A380
    OS drive - SK Hynix P41 1TB
    Storage
        4x WD Red Pro 6TB CMR in RAIDZ1
    [Image: GitHub%20Sponsors-grey?logo=github]
    gobanow
    Offline

    Junior Member

    Posts: 6
    Threads: 1
    Joined: 2024 May
    Reputation: 0
    #3
    2024-05-08, 05:47 PM
    (2024-05-08, 02:44 PM)TheDreadPirate Wrote: You'd need to add your server cert to your phone's trust store since the Android app has no way to add one locally like the browser does.

    yes, I add it to
    the Samsung phone, the certificate is not added to the "Security certificates" (trusted certificates), writes "it is impossible to use the file as a CA certificate",
    it is installed only in the user certificates "VPN certificate and applications" that does not work, the Jellyfin app does not see it?

    where could there be a problem with the certificate?
    the OMV certificate itself (, generated from the web interface and signed, was added there and works, but this certificate (Jellyfin) does not want to, I make a mistake somewhere
    gobanow
    Offline

    Junior Member

    Posts: 6
    Threads: 1
    Joined: 2024 May
    Reputation: 0
    #4
    2024-05-08, 05:56 PM
    I tried to dig even deeper, created a leaf server certificate.

    Key

    Code:
    openssl req -x509 -newkey rsa:4096 -keyout ./sever.pem -days 1000 -nodes -subj '/CN=jellyfin-server'

    Csr

    Code:
    openssl req      \
      -new            \
      -key sever.pem \
      -subj "/CN=Jellyfin-server" \
      -out server.csr

    Crt

    Code:
    openssl x509              \
      -req                    \
      -in server.csr          \
      -days 1000              \
      -CA intermediate.crt    \
      -CAkey intermediate-key.pem \
      -extfile <(echo -e "basicConstraints=CA:false\nkeyUsage=digitalSignature\nsubjectAltName=DNS:localhost") \
      -out server.crt

    Сombining the server certificate and the intermediate one:

    Code:
    cat server.crt intermediate.crt > chain2.crt

    Сreating PKCS12:

    Code:
    openssl pkcs12 -export -out jellyfin2.pfx -inkey privkey.pem -in cert.pem -CAfile chain2.crt -passout pass:12345678

    I give you the rights:

    Code:
    chmod 644 jellyfin2.pfx

    In Chrome, Jellyfin is launched via https, there is no android app
    This certificate also does not want to be added to the "Security Certificates"
    I don't understand where the error is
    gobanow
    Offline

    Junior Member

    Posts: 6
    Threads: 1
    Joined: 2024 May
    Reputation: 0
    #5
    2024-05-09, 11:07 AM (This post was last modified: 2024-05-09, 11:07 AM by gobanow. Edited 1 time in total.)
    I tried it in legacy format, it still doesn't work

    Code:
    openssl pkcs12 -nodes jellyfin2.pfx certbag.pem
    openssl pkcs12 -export -legacy -in certbag.pem > /tmp/legacy.p12
    TheDreadPirate
    Offline

    Community Moderator

    Posts: 15,374
    Threads: 10
    Joined: 2023 Jun
    Reputation: 460
    Country:United States
    #6
    2024-05-09, 12:45 PM
    Any particular reason you are using a self-signed cert over a legit, and free, cert from Let's Encrypt? If you use Caddy as a reverse proxy, Caddy can automate the cert request and installation into caddy.
    Jellyfin 10.10.7 (Docker)
    Ubuntu 24.04.2 LTS w/HWE
    Intel i3 12100
    Intel Arc A380
    OS drive - SK Hynix P41 1TB
    Storage
        4x WD Red Pro 6TB CMR in RAIDZ1
    [Image: GitHub%20Sponsors-grey?logo=github]
    gobanow
    Offline

    Junior Member

    Posts: 6
    Threads: 1
    Joined: 2024 May
    Reputation: 0
    #7
    2024-05-09, 04:16 PM (This post was last modified: 2024-05-09, 04:18 PM by gobanow. Edited 1 time in total.)
    (2024-05-09, 12:45 PM)TheDreadPirate Wrote: Any particular reason you are using a self-signed cert over a legit, and free, cert from Let's Encrypt?  If you use Caddy as a reverse proxy, Caddy can automate the cert request and installation into caddy.

    I do not want to load the system additionally and install profit unnecessarily, because I use Wireguard for remote access to Jellyfin.
    And I'm not sure that this will help, because my self-signed certificates work in Jellyfin via https in Chrome.
    I'm afraid I'll spend a couple of days studying Let's Encrypt and get the same thing.
    TheDreadPirate
    Offline

    Community Moderator

    Posts: 15,374
    Threads: 10
    Joined: 2023 Jun
    Reputation: 460
    Country:United States
    #8
    2024-05-09, 04:31 PM
    If you're already using Wireguard for remote access, what is the benefit from also using HTTPS? You are already encrypted end-to-end. There is no benefit to adding HTTPS and it is a pain in the butt to use self-signed certs with Jellyfin in Android.
    Jellyfin 10.10.7 (Docker)
    Ubuntu 24.04.2 LTS w/HWE
    Intel i3 12100
    Intel Arc A380
    OS drive - SK Hynix P41 1TB
    Storage
        4x WD Red Pro 6TB CMR in RAIDZ1
    [Image: GitHub%20Sponsors-grey?logo=github]
    gobanow
    Offline

    Junior Member

    Posts: 6
    Threads: 1
    Joined: 2024 May
    Reputation: 0
    #9
    2024-05-09, 04:37 PM
    (2024-05-09, 04:31 PM)TheDreadPirate Wrote: If you're already using Wireguard for remote access, what is the benefit from also using HTTPS?  You are already encrypted end-to-end.  There is no benefit to adding HTTPS and it is a pain in the butt to use self-signed certs with Jellyfin in Android.

    yes, I understand that wireguard encrypted everything, but the more protection, the better))
    Yes, it is a pain in the butt
    I think I'm ready to put up with http
    « Next Oldest | Next Newest »

    Users browsing this thread: 1 Guest(s)


    • View a Printable Version
    • Subscribe to this thread
    Forum Jump:

    Home · Team · Help · Contact
    © Designed by D&D - Powered by MyBB
    L


    Jellyfin

    The Free Software Media System

    Linear Mode
    Threaded Mode