I access my Plex server via my domain name. I would like the ability to upload and utilize my own SSL certificate rather than the cert provided by the new plex.tv system.
I access my Plex server via my domain name. I would like the ability to upload and utilize my own SSL certificate rather than the cert provided by the new plex.tv system.
See this thread https://forums.plex.tv/topic/165660-pms-09123-https/ question still not answered regarding self certificate but there is info to get access via you domain name.
I'd love this! Also, there should not be a super big issues as newer browsers can do SNI so there are 2 virtual hosts, one for the plex certificate and one for the user supplied one with the same content, that should make everyone happy.
Even if there are no changes to the webinterface and it simply the plex generated hostname aside from loading the local web app it should still just work. With or without green lock, depending on how the use supplied certificate is signed.
Problem is that with a user supplied cert you simply flip the problem from your domain not passing SSL validation to all Plex apps (plex.tv, Android, PHT, etc) failing that check
Edit: after reading about SNI that you linked I’ll have to say that is interesting.
Sent from my Nexus 5 using Tapatalk
The way around this OrinShock is for Plex to allow both the user’s cert to be copy/pasted or input as well as to let them specify their own ddns or domain name.
When the server connect to plex.tv it hands off these two pieces of info which get updated to the database that plex.tv uses to track what servers are online/offline.
Then when every a person is accessing this server plex.tv see’s the server is online and uses it’s domain and cert instead of the cert/long ip name string it uses now.
done like this all reference are always to the domain name and use the clients cert. All will be well.
Problem is that with a user supplied cert you simply flip the problem from your domain not passing SSL validation to all Plex apps (plex.tv, Android, PHT, etc) failing that check
Edit: after reading about SNI that you linked I'll have to say that is interesting.
Sent from my Nexus 5 using Tapatalk
Exactly, with SNI (and setting the virtual host with the plex generated certificate as default) 'should' make no difference for anything as it it now.
When using an SNI enabled browser chrome/firefox/recent IE should allow them to hit the alternative vhost with the user supplied certificate and presto, everything should be good.
Early 2021 clean-up: implemented (Settings > Network > Custom Certificate...)
