For some reason, my tv is unable to connect with the server. It was fine a couple of days ago, but today I cannot connect. My computer has no problem connecting, so I don’t know what to do.
See if this is applicable to your situation:
Basically in a great move to promote e-waste Plex has decided to cut support for older TV’s as opposed to just letting them carry on connecting to the server with the features they currently support. There is a how to here regarding replacing the built in Plex certificate with your own to get back secure connections on all devices. Unless they come to their senses this is the only available fix outside of the ridicolous idea of enabling unsecured connections.
It was not Plex’s decision. It was a cryptographic certificate reaching the end of its validity period. A certificate which is enclosed by the manufacturer of the TV into the firmware of that TV.
The cert could be updated with a firmware update. However these manufacturers don’t deliver firmware updates for devices older than ~3 – 4 years.
1 Like
Thanks. This is just horrible and I agree.
My television is only 4 years old. How often do they expect people to get new televisions?!?!?
I don’t think I’m savvy enough to replace the built in Plex certificate.
It’s ridiculous to expect people to now use their phones (because it works fine there).
You are missing my point. The thing is Plex has decided to use this firmware certificate to directly identify the client. They don’t have to design things this way. The whole point of SSL is that you only need a valid certificate for the server. The client authenticates the certificate the server provides and negotiaties a private key and that’s it. This is why the backup solution of replacing the built in Plex certificate works in the first place. It effectively skips the whole part where the client certificate provided by LG, Samsung etc is used when authenticating. There are other solutions as well, but I mention this just to make a point. No other streaming app has stopped working after this deadline on my TV only Plex.
Sorry, what are you talking about?
You should read up on how the kind of cryptography in TLS and other secure transport protocols is working.
I wrote SSL rather than TLS in my previous comment. Outside of that error explain what’s wrong. From my understanding TLS works with one client contacting a server providing a public key and information regarding which types of ciphers it supports. Then the client responds providing a certificate that says who it is which is issued by a trusted third party and a copy of it’s own public key. Then the client verifies that the server is who they claim via the certificate and initiate the key exchange. Usually you don’t rely on a client certificate for anything here. The one exception perhaps beeing as a step in the process to authenticate the trusted third party certificate provided by the server, however this is not really required and even if they do want to do this there is no reason why Plex has to use a certificate provided by LG to do this. They can just as easily bundle what they need with their application. If all clients relied on pre-installed certificates to initiate a secure connection secure access to websites would’nt exsist. So outside of mixing in the LG certificate in the handshake side of things I really don’t get how that has any impact on establishing a secure connection.
But that is exactly how it works. With web browsers providing the root certificates, against which the certificate of each individual server is verified.
And there is no problem with web browsers on desktop computers, since these are pretty much continually updated, so they get fresh certificates when needed.
But if the web browser or as in this case the “certificate locker” is not updated anymore, the server cannot communicate anymore. Because the old root certificate on which the server cert is based has been invalidated.
And while the server can get a new certificate for itself (which is what Plex is doing), it won’t be any good. Because the device won’t trust the new server certificate, because the device doesn’t have the new root certificate available on which the new server certificate is based.
1 Like
Hmmm. This may or may not apply to you but do you use a router based VPN? I do, and I began having this issue as well. Plex won’t connect if both devices are connected to the VPN via the router. Once I moved both devices (my notebook where the server is) and the TV off of the VPN it worked. Once the connection was working, I moved them back. However, if I turn the TV off and back on again, and want to use Plex, I have to do this process all over again.
The certificate used by the server does not in any way need to be issued by one of the major certificate providers. It can be issued by Plex and if an issue arises with their certificates they themselves can just release clients and server software bundled with new certificates. Alternatively they could add an option in their clients where a certificate check was skipped on pre-whitelisted servers. Companies do this all the time with internal software. You only buy certificates from a third party when the services are used online by clients outside your control and you have to rely on certificate stores. Hence why I said they could have easily supported older clients regardless if the manufacturer of the TV decided to stop updating their certificates. After all updates to the apps on my TV is still rolling out even though the OS is stuck in it’s current incarnation.
It seems I am out of options.
I have tried multiple suggestions and have all failed.
Thanks for the input.
No, it cannot. Apps on the TV are not allowed to supply their own certs.
And all these Smart TV platforms simply refuse to connect to servers with invalid certificates as opposed to just throwing an error and letting the application decide how to procede? Cause if the PLEX app can just ignore the certificate issue they should really just add a feature on the TV’s in question where all certificates are allowed. At least for direct connections on the local network.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
