HTTPS Support


Koleckai Silvestri

Is this still planned for the server component?

 

Personally, I'd consider it critical security for any kind of Connect functionality.


Is this still planned for the server component?

 

Personally, I'd consider it critical security for any kind of Connect functionality.

 

Yes, it is being worked on now and good progress is being made.

 

Just for my information, why do you consider ssl critical for Connect?


njramsfan

Would this also include ftp ddns support? My local storage is connected to the web using ASUS ftp ddns services (ai cloud) and would love to connect to it directly from the outside. Sorry for the dumb questions. I'm new to networking...

Thanks

Edited by njramsfan

I saw that this has been merged in master.

 

Built the latest master but cannot figure out how to enable https 

 

In the config I see this:   <HttpsPortNumber>8920</HttpsPortNumber>

 
Do I manually have to enable https for now?

Koleckai Silvestri

Yes, it is being worked on now and good progress is being made.

 

Just for my information, why do you consider ssl critical for Connect?

 

Not sure why anyone would want to allow insecure connections into their home network with financial, medical and personal information on your local machines. Connect allows people to connect to your home network and potentially exploit weaknesses. Unencrypted network traffic, IP addresses and security hashes are very easy to spoof.


jabbera

 

I saw that this has been merged in master.

 

Built the latest master but cannot figure out how to enable https 

 

In the config I see this:   <HttpsPortNumber>8920</HttpsPortNumber>

 
Do I manually have to enable https for now?

 

 

The entire support has not been merged into dev yet. Just a very small part. Unfortunately enabling https is not as simple as specifying a port. You will need a certificate which can be generated or purchased. Additionally all of the clients will need to be updated to support this change. At the beginning it will only be the web client. This is going to require a significant amount of documentation most likely.


  • 2 weeks later...

The entire support has not been merged into dev yet. Just a very small part. Unfortunately enabling https is not as simple as specifying a port. You will need a certificate which can be generated or purchased. Additionally all of the clients will need to be updated to support this change. At the beginning it will only be the web client. This is going to require a significant amount of documentation most likely.

 

In the latest builds it is working pretty well

 

Now all I need is support for the kodi plugin :)


simono5

In the latest builds it is working pretty well

 

Now all I need is support for the kodi plugin :)

I have a certificate but not sure how to apply it to the server.  I'm running the server on W8.1.  Would you mind pointing me in the right direction please?


Happy2Play

I have a certificate but not sure how to apply it to the server.  I'm running the server on W8.1.  Would you mind pointing me in the right direction please?

Advanced-Hosting-Custom Certificate Path


simono5

Advanced-Hosting-Custom Certificate Path

Thank you, do I need to link to the crt file that I have for my certificate?

 

And do I need to add the certificate via Win 8.1 cert manager on the MBS server?


jabbera

Thank you, do I need to link to the crt file that I have for my certificate?

 

And do I need to add the certificate via Win 8.1 cert manager on the MBS server?

You do not need the certificate added to the local certificate repo. We only support un-password protected pfx files. Usually crt files only contain one certificate and are not what you want to use for https support. By default MBS will generate a self-signed cert using the external dns name as the common name for the certificate. If you don't have a cert from an actual authority this is probably what you want.


Thank you, do I need to link to the crt file that I have for my certificate?

 

And do I need to add the certificate via Win 8.1 cert manager on the MBS server?

 

If you want to use a real SSL certificate that you acquired from a CA you can do so by the following:

 

Q: How do I generate the CSR from the GUI?

 

A: Utilizing NameCheap for SSL certs for 9.95yr (5yr @ 7.95ea), I generated the CSR by visiting https://www.gogetssl...-csr-generator/. Generate the CSR, log in to NameCheap, paste the CSR, and validate the SSL request via email. After getting the CRT you will need to create a pfx file for MediaBrowser to use. Put your private key that was provided to you when you generated the CSR into a file (example: host.domain.com.key) and paste your CRT that you got from NameCheap into a file (example: host.domain.com.crt), then generate the pfx by executing:

    openssl pkcs12 -export -out host.domain.com.pfx -inkey host.domain.com.key -in host.domain.com.crt

After that, move the pfx file to your directory, tell MediaBrowser to use that file for SSL, and restart MediaBrowser.

Edited by mbnwa
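
Added example, not part of the original posts and not MediaBrowser's own code: a shell sketch of the PFX step above that first checks the private key actually belongs to the certificate, writes the PFX with an empty export password (the thread says only PFX files without a password are supported), and confirms the result opens without one. The function names and the throwaway self-signed sample are assumptions made for the demonstration; file names reuse the post's host.domain.com placeholder.

```shell
#!/bin/sh
# Added example. File names reuse the post's host.domain.com placeholder.

# Succeed only if the private key and the certificate carry the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CRT
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# Bundle key and certificate into a PFX with an empty export password,
# since the thread says only PFX files without a password are supported.
make_pfx() {  # usage: make_pfx KEY CRT OUT
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" -passout pass: || return 1
    chmod 600 "$3"   # the PFX holds an unencrypted private key
}

# Succeed if the PFX opens with an empty password and contains a private key.
pfx_opens_without_password() {  # usage: pfx_opens_without_password PFX
    openssl pkcs12 -in "$1" -passin pass: -nodes -nocerts 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Constructed sample material: a one-day self-signed certificate with its key,
# plus an unrelated key that must be rejected.
make_sample() {  # usage: make_sample DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=host.domain.com" \
        -keyout "$1/host.domain.com.key" -out "$1/host.domain.com.crt" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}

work=$(mktemp -d)
make_sample "$work"
make_pfx "$work/host.domain.com.key" "$work/host.domain.com.crt" \
    "$work/host.domain.com.pfx" &&
    pfx_opens_without_password "$work/host.domain.com.pfx" &&
    echo "PFX created and readable without a password"
make_pfx "$work/other.key" "$work/host.domain.com.crt" "$work/bad.pfx" 2>/dev/null ||
    echo "mismatched key rejected"
```

Because the resulting file contains the private key in the clear, keep it readable only by the account the server runs under.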

mouseware

Thank you, do I need to link to the crt file that I have for my certificate?

 

And do I need to add the certificate via Win 8.1 cert manager on the MBS server?

 

Do you have a public and private key with this certificate? You can "import" it into Windows using the Certificate snap-in, and then you can export as PFX format which should contain the Cert, Chain and Private key. I thought it required a password to export, however... Regardless, if you have the private key, you can use OpenSSL to convert it to any needed format.
