Koleckai Silvestri 1150 Posted January 8, 2015 Share Posted January 8, 2015 Is this still planned for the server component? Personally, I'd consider it critical security for any kind of Connect functionality. Link to comment Share on other sites More sharing options...
Luke 37063 Posted January 8, 2015 Share Posted January 8, 2015 Yes it is and someone new has stepped up to help deliver it: https://github.com/MediaBrowser/SocketHttpListener/pull/1 1 Link to comment Share on other sites More sharing options...
ebr 14912 Posted January 8, 2015 Share Posted January 8, 2015 Is this still planned for the server component? Personally, I'd consider it critical security for any kind of Connect functionality. Yes, it is being worked on now and good progress is being made. Just for my information, why do you consider ssl critical for Connect? Link to comment Share on other sites More sharing options...
njramsfan 0 Posted January 9, 2015 Share Posted January 9, 2015 (edited) would this also include ftp ddns support? my local storage is connected to the web using asus ftp ddns services (ai cloud) and would love to connect to it directly from the outside.. sorry for the dumb questions. I'm new to networking... thanks Edited January 9, 2015 by njramsfan Link to comment Share on other sites More sharing options...
steini 1 Posted January 15, 2015 Share Posted January 15, 2015 I saw that this has been merged in master. Built the latest master but cannot figure out how to enable https In the config I see this: <HttpsPortNumber>8920</HttpsPortNumber> Do I manually have to enable https for now? Link to comment Share on other sites More sharing options...
Koleckai Silvestri 1150 Posted January 15, 2015 Author Share Posted January 15, 2015 Yes, it is being worked on now and good progress is being made. Just for my information, why do you consider ssl critical for Connect? Not sure why anyone would want to allow insecure connections into their home network with financial, medical and personal information on your local machines. Connect allows people to connect to your home network and potentially exploit weaknesses. Unencrypted Network Traffic, IP addresses and security hashes are very easy to spoof. Link to comment Share on other sites More sharing options...
jabbera 23 Posted January 16, 2015 Share Posted January 16, 2015 I saw that this has been merged in master. Built the latest master but cannot figure out how to enable https In the config I see this: <HttpsPortNumber>8920</HttpsPortNumber> Do I manually have to enable https for now? The entire support has not been merged into dev yet. Just a very small part. Unfortunately enabling https is not as simple as specifying a port. You will need a certificate which can be generated or purchased. Additionally all of the clients will need to be updated to support this change. At the beginning it will only be the web client. This is going to require a significant amount of documentation most likely. Link to comment Share on other sites More sharing options...
steini 1 Posted January 26, 2015 Share Posted January 26, 2015 The entire support has not been merged into dev yet. Just a very small part. Unfortunately enabling https is not as simple as specifying a port. You will need a certificate which can be generated or purchased. Additionally all of the clients will need to be updated to support this change. At the beginning it will only be the web client. This is going to require a significant amount of documentation most likely. In the latest builds it working pretty well Now all I need is support for the kodi plugin Link to comment Share on other sites More sharing options...
simono5 21 Posted January 26, 2015 Share Posted January 26, 2015 In the latest builds it working pretty well Now all I need is support for the kodi plugin I have a certificate but not sure how to apply it to the server. I'm running the server on W8.1. Would you mind pointing me in the right direction please? Link to comment Share on other sites More sharing options...
Happy2Play 8281 Posted January 26, 2015 Share Posted January 26, 2015 I have a certificate but not sure how to apply it to the server. I'm running the server on W8.1. Would you mind pointing me in the right direction please? Advanced-Hosting-Custom Certificate Path Link to comment Share on other sites More sharing options...
simono5 21 Posted January 26, 2015 Share Posted January 26, 2015 Advanced-Hosting-Custom Certificate Path Thank you, do I need to link to the crt file that I have for my certificate? And do I need to add the certificate via Win 8,1 cert manager on the MBS server? Link to comment Share on other sites More sharing options...
jabbera 23 Posted January 27, 2015 Share Posted January 27, 2015 Thank you, do I need to link to the crt file that I have for my certificate? And do I need to add the certificate via Win 8,1 cert manager on the MBS server? You do not need the certificate added to the local certificate repo. We only support un-password protected pfx files. Usually crt files only contain one certificate and are not what you want to use for https support. By default MBS will generate a self signed cert using the external dns name as the common name for the certificate. IF you don't have a cert from an actual authority this is probably what you want Link to comment Share on other sites More sharing options...
mbnwa 49 Posted January 27, 2015 Share Posted January 27, 2015 (edited) Thank you, do I need to link to the crt file that I have for my certificate? And do I need to add the certificate via Win 8,1 cert manager on the MBS server? If you want to use a real SSL certificate that you acquired from a CA you can do so by the following: Q: How do I generate the CSR from the GUI? A: Utilizing NameCheap for SSL cert's for 9.95yr (5yr @ 7.95ea) I generated the CSR by visiting https://www.gogetssl...-csr-generator/ generate the CSR login into NameCheap paste the CSR, Validate the SSL request via email after getting the CRT you will need to create a pfx file for MediaBrowser to use put your private key that was provided to you when you generated the CSR into a file example host.domain.com.key and paste your CRT that you got from NameCheap into a file example host.domain.com.crt and generate the pfx by executing: openssl pkcs12 -export -out host.domain.com.pfx -inkey host.domain.com.key -in host.domain.com.crt - after move the pfx file to your directory tell MediaBrowser to use that file for SSL and restart MediaBrowser. Edited January 27, 2015 by mbnwa Link to comment Share on other sites More sharing options...
mouseware 9 Posted January 27, 2015 Share Posted January 27, 2015 Thank you, do I need to link to the crt file that I have for my certificate? And do I need to add the certificate via Win 8,1 cert manager on the MBS server? Do you have a public and private key with this certificate? You can "import' it into Windows using the Certificate Snapin, and then you can export as PFX format which should contain the Cert, Chain and Private key. I thought it required a password to export, however... Regardless, if you have the private key, you can use OpenSSL to convert it to any needed format. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now