If you have not already, we suggest setting your Plex username to something else rather than email which is displayed on your posts in forum. You can change the username at https://app.plex.tv/desktop#!/account
Welcome to our forums! Please take a few moments to read through our Community Guidelines (also conveniently linked in the header at the top of each page). There, you'll find guidelines on conduct, tips on getting the help you may be searching for, and more!

Plexamp - Self-Signed Certificate Error for trusted certificate

kevin.burdettkevin.burdett Posts: 9Members, Plex Pass Plex Pass

First off, I am VERY excited about Plexamp :) Kudos for putting it together. My PMS is primarily used for music, so I love the idea of a smaller, music-focused player.

That said, I can't get it to work :( I am receiving a self-signed certificate error and it is unable to connect to my PMS. I actually run my own Certificate Authority for all of my home network devices. I suppose one might consider this a self-signed certificate, but it is not. Semantics aside, the certificate installed on my PMS follows the standard three-tier chain (cert -> intermediate -> root). I have a Root CA installed and trusted on my local computer to establish the chain of trust.

Using Windows' certlm, my Root Certificate is install at Certificates - Local Computer/Trusted Root Certificate Authorities/Certificates. The certificate is valid, not expired and trusted for all usages.

Here is the relevant bits from my Application.log (domain changed to protect the innocent)

Dec 22, 2017 18:55:19.969 INFO - DEVICE: Player connection worked for despina ~ http://10.0.1.5:20000
Dec 22, 2017 18:55:19.984 WARN - DEVICE: Server connection https://plex.<my domain>.com didn't work for sycorax: self signed certificate in certificate chain
Dec 22, 2017 18:55:19.987 WARN - DEVICE: Server connection https://10.0.0.51:32400 didn't work for sycorax: self signed certificate in certificate chain
Dec 22, 2017 18:55:19.988 WARN - DEVICE: Server connection https://plex.<my domain>.com:32400 didn't work for sycorax: self signed certificate in certificate chain

For clarity, sycorax, 10.0.0.51 and plex..com all point to the same PMS server.

All three addresses & ports go to the same place (443 routes through an NGINX reverse-proxy, 32400 requests are direct, both have the same certificate installed). I tested and confirmed that all three address and port combinations are online and functional both inside and outside my network. I also confirmed that Google Chrome and Microsoft Edge both agree that the cert has a valid chain of trust. Plex Media Player and Plex Web also connect without issue, over a secure connection (confirmed with the "green lock" from the same computer). My PMS is configured to prefer, but not require secure connections.

I'm not really sure how to debug further, any advice would be welcome.

Comments

  • SirMenglerSirMengler Posts: 5Members, Plex Pass Plex Pass

    I've got the same issue here. The cert is issued from my in-house CA and trusted by all the machines on the domain. Is there a way to have Plexamp use the system trust?


    Chief Executive Awesome

  • elanelan CTO and Co-founder MauiPosts: 6,940Members, Plex Employee, Plex Pass, Plex Ninja Plex Employee

    So just to clarify, you guys both have a custom cert installed on your media server? I'm wondering if we can simply ignore it in our connection testing and use the plex.direct one.

    And PMS is terminating the SSL connection, not some proxy, right?

    instagram @elan // the wife's photography site.
    the Medium page // the dog's twitter feed.

  • kevin.burdettkevin.burdett Posts: 9Members, Plex Pass Plex Pass

    @elan yep, in order:

    1. I have a custom cert installed on my PMS with a valid trust chain
    2. My PMS is terminating the SSL.

    I'm not sure how you'd ignore it. Maybe setup a special route that always serves the plex.direct cert, even when a custom cert is installed? Seems like it'd be easier to just use the OS trust chain, but you guys are the experts :)

  • kevin.burdettkevin.burdett Posts: 9Members, Plex Pass Plex Pass

    For the benefit of @SirMengler and others, elan contacted me to test on my PMS and believes he has a fix. A new build is forthcoming, but no date offered.

  • elanelan CTO and Co-founder MauiPosts: 6,940Members, Plex Employee, Plex Pass, Plex Ninja Plex Employee

    Thanks to @kevin.burdett and @stedaniels for their help in tracking down the issue, we've fixed it for the next release.

    instagram @elan // the wife's photography site.
    the Medium page // the dog's twitter feed.

  • SirMenglerSirMengler Posts: 5Members, Plex Pass Plex Pass

    Thanks for the update all. Got the new build today and it is working beautifully.

    Love being able to have a small app in the corner of my display for my music instead of the full web view.

    How is is that Plex continues to impress constantly. :smile:


    Chief Executive Awesome

  • gineergineer Posts: 7Members, Plex Pass Plex Pass

    Cross-posting from here: https://forums.plex.tv/discussion/317409/plexamp-1-0-5-cannot-connect-to-server

    Did anyone with self signed certs experience downtime over the weekend using Plexamp?

Sign In or Register to comment.