Linux Tips

General Discussions Tips, Tricks & How-Tos

ChuckPa April 5, 2023, 1:53am 25

OpenSSL v3.0.0 and PMS.

For those using their own domains and certificates with PMS ,

PMS 1.32.0.6865 and above updates OpenSSL from v1.1.1 to v3.0.0 .
(changed the numbering scheme in the process)

The consequence of this is OpenSSL v3 removed several “less secure” encryption methods.

The impact on you, if you’re using an older distributions where openssl v3 is not the default, if not already doing so, you will need pay special attention to how your certificates are generated

As example, upgrade (specify) a better encryption

# Generate  p12 (Acme LE is valid until 2025)
openssl pkcs12 -export -out my-fdqn-tld.p12 \
	-inkey my-fqdn-tld.key -in my-fqdn-tld.crt \
	-certfile CertAuth.crt \
	-password pass:PASSWORD_HERE

IMPROVED

# Generate new p12 (Acme LE is valid until 2025)
openssl pkcs12 -export -out my-fdqn-tld.p12 \
	-certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256 \
	-inkey my-fqdn-tld.key -in my-fqdn-tld.crt \
	-certfile CertAuth.crt \
	-password pass:PASSWORD_HERE

The key change is to select a better encryption:

-certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256 \

To implement

Update certificate creation scripting to include AES-256 (or better) as shown above.
Regenerate P12 file and store where PMS expects it
Restart PMS after updated cert installation ( PMS loads certs at startup only)

The reason for this change is the inevitability of the current libraries being EOL.

Observe:

REF:

Back to top

9 Likes

Certificate problems on new server 1.32.0.6865

Custom PMS SSL Certificate - digital envelope routines::unsupported error SOLUTION

1.32.0.6865 Breaks custom SSL certificate

Certificate error after updating to 1.32

Certificate error accessing plex on windows server x64 xxxx.plex.direct

Custom certificate not working

Plex Media Server v1.32.0.6918 can't use user-provided certificate

SSL Certificate Errors

Plex not picking up any matches as of 3 days ago

SSL became broken after latest PMS Update

Plex certificate error

PMS SSL Uses *.plex.direct Let's Encrypt SSL certificate instead of custom configured certificate

Custom domain ssl does not work after update to server version 1.32.0.6918

"Conversion failed" on multiple clients

1.32.x Breaks Plugins on Windows (OpenSSL)

Plex not using my SSL Certificate after v1.31.3.6868 (tried 1.32.1.6918 & 1.32.1.6999) on Server22

CERT: incomplete TLS handshake from [::ffff:192.168.1.1]:58888: sslv3 alert certificate unknown (SSL

Issue with i915 transcoding on ubuntu 20.04

Plex in Docker on VM (ESXi 8.0), using nvidia hardware dec/enc (brand new install)

[CERT] TLS connection from 192.168.7.4:2XXX came in with non-plex.direct SNI 'XXXXXX.synology.me'

No server access via VPN

Server showing remote if accessed via internal dns

Plex instance can't scan library, add in Plex & Plexamp. Seems like a network issue

New Linux Plex Server - No Remote Access

Upgrading to Version 1.32.0.6918 removes custom ssl certificates

Plex series agent not working

Certificate error after updating to 1.32

Plex Web App won't connect to server following server update - 1.32.0.6950

Plex Employee to Reset Server Certificate? "API rate limit exceeded" error

PMS SSL Uses *.plex.direct Let’s Encrypt SSL certificate instead of custom configured certificate

Unrecognized domain / IP

Certificate error after updating to 1.32

Plex Media Server v1.32.0.6918 can't use user-provided certificate

Plex Employee to Reset Server Certificate? "API rate limit exceeded" error

CERT: incomplete TLS handshake from [::ffff:192.168.1.1]:58888: sslv3 alert certificate unknown (SSL

SSL Certificate Errors

Plex Custom SSL Certificate Appears Broken

PMS SSL Uses *.plex.direct Let's Encrypt SSL certificate instead of custom configured certificate

Suddenly no remote access

Custom Domain Certificate Not Used

Some SSL error with custom certificate

(RESOLVED) Remote Access failing for 3 days, nothing helping (Day 18)

CERT: incomplete TLS handshake from - sslv3 alert certificate expired

(RESOLVED) Remote Access failing for 3 days, nothing helping (Day 18)

Headless Plexamp using wrong url to connect to PMS

[SOLVED]'*.plex.direct' SSL Cert miss-match error

Plex Media Server 1.32.0.6918 custom certificate must be regenerated with new OpenSSL arguments

Plex Media Server v1.32.0.6918 can't use user-provided certificate

Topic		Replies	Views
Plex Wont Read Folders/Files on Mounted Drive in Linux Mint Desktops & Laptops server-linux	61	64726	March 13, 2020
Trying to setup new server, "There are no items in this library" Desktops & Laptops server-linux	32	11567	January 8, 2020
PMS Migration Install Fail Desktops & Laptops server-linux	81	2137	August 13, 2019
Plex Media Server on Linux Mint Cinnamon 64-bit also Plex Home Theater or Plex Media Player Desktops & Laptops server-linux	51	4201	December 8, 2019
PLEX en LinuxMint no detecta archivos en disco 4 TB xfs Español - Spanish	28	1635	January 8, 2020

Linux Tips

OpenSSL v3.0.0 and PMS.

PREVIOUS

IMPROVED

To implement

The reason for this change is the inevitability of the current libraries being EOL.

Back to top

Related topics