@ChuckPa ok done ! I’ve got a long answer after the openssl command.
What info do you want ? I can send you the result in private in txt format ?
You got the certificate? Excellent.
Try your Remote Access
This is the important part
CONNECTED(00000003)** **depth=1 /C=US/O=Plex, Inc./CN=Plex Devices High Assurance CA3** **verify error:num=20:unable to get local issuer certificate** **verify return:0** **---** Certificate chain 0 s:/C=US/ST=California/L=Los Gatos/O=Plex, Inc./CN=*.94f52f87a819491aba8cabf1005581cf.plex.direct i:/C=US/O=Plex, Inc./CN=Plex Devices High Assurance CA3
Plex Devices High Assurance CA3
@ChuckPa Done, same problem…
CONNECTED(00000170)
Can’t use SSL_get_servername
depth=1 C = US, O = “Plex, Inc.”, CN = Plex Devices High Assurance CA3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = Los Gatos, O = “Plex, Inc.”, CN = *.f85886833c0f46e48b170e8e585e4c73.plex.direct
verify return:1
you did not get the cert. that’s a failure.
look at your logs. Which PubSub server ?
OK i paste in the other thread
in wich log file can i see the pubsub server ?
But after the failure, i’ve got a long cetificate with the opensll command. WOuld you like me to send the complete result in private in txt format ?
yes, paste in the PM i sent you. Attach the ZIP file
ouptut of openssl s_client -showcerts -connect 127.0.0.1:32400 :
CONNECTED(00000005)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = "Plex, Inc.", CN = Plex Devices High Assurance CA3
verify return:1
depth=0 C = US, ST = California, L = Los Gatos, O = "Plex, Inc.", CN = *.7128b24764c144a89582e546502fe122.plex.direct
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = Los Gatos, O = "Plex, Inc.", CN = *.7128b24764c144a89582e546502fe122.plex.direct
i:C = US, O = "Plex, Inc.", CN = Plex Devices High Assurance CA3
-----BEGIN CERTIFICATE-----
MIIF7zCCBNegAwIBAgIQBBoImKJ1KddobGtNKJumhjANBgkqhkiG9w0BAQsFADBM
MQswCQYDVQQGEwJVUzETMBEGA1UEChMKUGxleCwgSW5jLjEoMCYGA1UEAxMfUGxl
eCBEZXZpY2VzIEhpZ2ggQXNzdXJhbmNlIENBMzAeFw0yMDEwMDEwMDAwMDBaFw0y
MTEwMDExMjAwMDBaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p
YTESMBAGA1UEBxMJTG9zIEdhdG9zMRMwEQYDVQQKEwpQbGV4LCBJbmMuMTcwNQYD
VQQDDC4qLjcxMjhiMjQ3NjRjMTQ0YTg5NTgyZTU0NjUwMmZlMTIyLnBsZXguZGly
ZWN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DB74VVUtHd3qN3Y
fYcWtzKee3yS2H2GlQjGLn79T2A2wwfa6y/aaTG9aO73SvO5QEDzB5+SJtwicStx
HV7FVhf0JhtRZVi+znqMCj83TX962fPhBSxBnBe3Vh0n8faFqFzGVbD31kZq6KJO
Jh0qDhEzuHdD8swOX8UFj7Td9BT0CITMQzuLMkiVn9RiVF9hgUX1Pl8x15zevivv
tVwKUZFkz/0el42Zcf88DR8HeEHmWDetxZ8qd0Na3MRMjNbAroYKO37OLpmWOmUr
Vo5Q/Q4rjEpWV7T0aKkYEMuJBM6ZoVs2cBsItZkaaT/9xdKbTKcAFhL5DBIhFd53
x6DAjwIDAQABo4ICkjCCAo4wHwYDVR0jBBgwFoAU8D+toY17ddQeuPWGYv9VaL3h
jV4wHQYDVR0OBBYEFMxGQmyoVQEHJaA5D1pegrHGMqVlMDkGA1UdEQQyMDCCLiou
NzEyOGIyNDc2NGMxNDRhODk1ODJlNTQ2NTAyZmUxMjIucGxleC5kaXJlY3QwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBMBgNV
HSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5k
aWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB9BggrBgEFBQcBAQRxMG8wJAYIKwYB
BQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBHBggrBgEFBQcwAoY7aHR0
cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL1BsZXhEZXZpY2VzSGlnaEFzc3VyYW5j
ZUNBMy5jcnQwDAYDVR0TAQH/BAIwADCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3
APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABdOYR++sAAAQDAEgw
RgIhAIiLJjT6ULyZOLHAHd9luOULZDanr0oy7xQhJaNgcFAFAiEAoG9FY6KYIXkJ
bFbg7o7Iby/OXqLXkKdilF7meEgz1yAAdgBc3EOS/uarRUSxXprUVuYQN/vV+kfc
oXOUsl7m9scOygAAAXTmEfw1AAAEAwBHMEUCIQDJXshOhLiT7vHdI4c7G9d7F/Wj
+9GY/j3QQqfN9WlLcQIgQcC4BVMS/W4kEgnbL4zFNp5f7jVZfVDjEIcAtNoGORYw
DQYJKoZIhvcNAQELBQADggEBAFH3lSYfHQmsHIYJae40ddHOBzlQvaAV4gMuMziR
v4CmjQpSRXEZCqpZTU62kplftj2T1ojaClcDx+Smsmy1KZKbqdfXPe0667nb6/x6
9H6T/EzRQYI0iYUDAThgiKti0WjfeBwUHwbbiI+TvoqJ4W2hbe3OeGJBzMqbW3Qs
qnnVsvaVeVc8WgqNj57U6fnTs2F/NHfwj/4IMaonaXTbE00OTamoiFvXbyzMuEWw
r8JdnjBUvg4sdUTWv5v2QG+9GQyoSrPRBcNEXbHnDuBFl2Hg38kAbY4sy815iFxO
TzyQP5zaoMtqUpq6/1DKvWUydnAp8cE65lWXXZyIkqZIfD0=
-----END CERTIFICATE-----
1 s:C = US, O = "Plex, Inc.", CN = Plex Devices High Assurance CA3
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIQBiBJfLntFNoOiPWuKG+WqDANBgkqhkiG9w0BAQsFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTIwMDkyNDAwMDAwMFoXDTI1MDUxOTIzNTk1OVowTDEL
MAkGA1UEBhMCVVMxEzARBgNVBAoTClBsZXgsIEluYy4xKDAmBgNVBAMTH1BsZXgg
RGV2aWNlcyBIaWdoIEFzc3VyYW5jZSBDQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDINYhtcvGtW+6h+j5YDn3nTkalb0NF+IZKn331NZDsqAD3X8Ax
Wo6/a2ANgYtIQJvcL3m1luU0rmIWVCIuigTKlGEXSS+y12v7C9t2vwpoJsnQ0B/3
MSY4XHFY23iI6itHmTg/i0BjpzcKHzrPtL5a1er8ykMhDOJJqBqJ6gBZbdSukr68
Bwno4V1WseRzv4tyJJPyJSNE/DtaFWKEjYmF1mFxyocTdcb+d9XrBYxGcJn7ap6U
4Sp1NDZXJVpI2tu/VLnW2b8e1bR/H1xoVfwpaY7+aTmiCGLFnpwnU3BXq0yEDx3U
LZcyttiLLpqSGjq1ar2HJeAYW0AIWp9+HK2XAgMBAAGjggHMMIIByDAdBgNVHQ4E
FgQU8D+toY17ddQeuPWGYv9VaL3hjV4wHwYDVR0jBBgwFoAUsT7DaQP4v0cB1Jgm
GggC72NkK8MwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMH8GCCsGAQUFBwEBBHMwcTAkBggr
BgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEkGCCsGAQUFBzAChj1o
dHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNl
RVZSb290Q0EuY3J0MIGPBgNVHR8EgYcwgYQwQKA+oDyGOmh0dHA6Ly9jcmwzLmRp
Z2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RDQS5jcmwwQKA+
oDyGOmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFu
Y2VFVlJvb3RDQS5jcmwwMAYDVR0gBCkwJzAHBgVngQwBATAIBgZngQwBAgEwCAYG
Z4EMAQICMAgGBmeBDAECAzANBgkqhkiG9w0BAQsFAAOCAQEAs/lybvFmxpIgHmK4
Bump8Ucli2C+Nzob/HAsHQ9p+GWYn3gSqEse2IkIfxdTVXm4bas/i5VXqPmUSEWw
NvCO0gouBTRs8ai0c9Z1mR/ytxSfZc7W2DyvqSrmkQXQIxpDzEfJR8WyZElx22Ue
fNV8o4J0Vx2nRutWYyMU+Gst/2CnHTf6PczYoNNzdrm9Amgq+22BHQwaJJvpwuk1
vof0ZjjsI/ILnbEGUN79gn8UvkeWpqeX43iY9OQnLB9g+6f1Rd+ca+alXAK1/rbQ
fMUrXFCdP2AjSMu3GJZK90APWW6pdwVhfVTjUANseMltj+HiNHuHeXY0vFgVWHyO
r1/aew==
-----END CERTIFICATE-----
---
Server certificate
subject=C = US, ST = California, L = Los Gatos, O = "Plex, Inc.", CN = *.7128b24764c144a89582e546502fe122.plex.direct
issuer=C = US, O = "Plex, Inc.", CN = Plex Devices High Assurance CA3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3372 bytes and written 375 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: D0CB34791A627F3CC746ECBABA80D548A078882EB8A90F6DC012470A04951747
Session-ID-ctx:
Resumption PSK: DF355FC20F4E3C4EDD35FEA12FE69E7AC38126FB67D1EF31C9F89B1B524AA167
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 24 c4 91 c9 0d 89 c8 70-39 9d 0e 48 d9 14 aa 46 $......p9..H...F
0010 - 24 b1 98 33 b9 d9 36 6d-a8 51 73 47 ce 3b 2b cb $..3..6m.QsG.;+.
0020 - 8c 3c c7 35 a5 f0 a7 9d-80 dc 17 57 cc 3d 4c 48 .<.5.......W.=LH
0030 - a0 14 c5 60 13 fc a6 4b-0e 0b fb 86 03 83 02 16 ...`...K........
0040 - 9b fa f0 81 08 47 07 76-8f a0 28 1d 24 03 08 22 .....G.v..(.$.."
0050 - d5 c6 3c 90 69 19 ae d9-35 a4 01 e0 75 71 6f 33 ..<.i...5...uqo3
0060 - c0 1b a5 ea d1 fe a5 d7-e5 10 ca b3 b7 37 c6 5c .............7.\
0070 - 09 f4 a2 c4 6b e2 26 0b-ce e2 3e 20 78 85 73 d2 ....k.&...> x.s.
0080 - a5 32 29 ee 6a 6c 53 e1-0b 1d 69 0c c1 ce cb 5f .2).jlS...i...._
0090 - d2 71 94 00 bb 47 da 99-0f e4 ea f7 67 69 05 98 .q...G......gi..
00a0 - 45 ff b5 e7 cd 80 eb 5b-6d 04 39 87 10 5a 78 4b E......[m.9..ZxK
00b0 - 75 dc ad ac 28 48 3a 3e-16 ae eb b2 81 18 9e d5 u...(H:>........
00c0 - 7f f9 bd cc 90 84 9f d9-db 1f 44 59 2b 53 17 fd ..........DY+S..
Start Time: 1601844738
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: 34464B9BC56034098D3FC8A8ABD5339C84541F964E7FD4215B911CAC6FA6C1D2
Session-ID-ctx:
Resumption PSK: 166A58B8B31393EB3C8BFDC4130919C8A51A69C9F277559A4BAF02B50E7776C2
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 24 c4 91 c9 0d 89 c8 70-39 9d 0e 48 d9 14 aa 46 $......p9..H...F
0010 - 7e e8 8d fa 81 d1 e6 7b-35 13 7f 7b 8c 34 42 92 ~......{5..{.4B.
0020 - a0 89 11 21 1c 78 e0 74-b0 66 c4 c2 f5 27 f2 e4 ...!.x.t.f...'..
0030 - 2a 97 c9 c2 08 81 a2 fe-96 2e bb af 5d 79 a0 54 *...........]y.T
0040 - 9b 44 d0 13 9b 34 15 a2-78 15 29 81 50 31 d9 c6 .D...4..x.).P1..
0050 - 4f 49 40 7d 27 cd d7 d9-9c a2 ac c6 3f da 8c 88 OI@}'.......?...
0060 - 68 69 ec bd a9 d5 1a 91-6b e9 bd 9b d9 14 1d ae hi......k.......
0070 - 29 3a 1c 94 0f 6b 9b 2c-8c 0e 5e ff a6 04 3e 13 ):...k.,..^...>.
0080 - 00 2b f2 0f 77 f7 8a 89-ea ed 11 a0 ff ce 34 75 .+..w.........4u
0090 - 47 e4 80 3f 5b 1a 26 f8-d3 f2 a0 04 ff 89 97 68 G..?[.&........h
00a0 - e9 da 06 21 08 71 cb 26-b9 66 c9 fe 87 bd 31 50 ...!.q.&.f....1P
00b0 - 6d 8a 98 e5 f0 bc b0 9e-d5 8b 0a b4 12 89 7e 83 m.............~.
00c0 - e8 f4 93 74 2e 15 8a 15-d7 09 87 71 5e d5 9a c1 ...t.......q^...
Start Time: 1601844738
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
That is the correct reply. That is the certificate for your LAN connection
Does everything work?
Do you know if they might come out with an update soon that will correct this issue. Thank you
none of the remote connections work, local is ok.
Eric
we first need identify the root cause. I’m trying to discern if a regional cloud server issue or a PMS issue.
Since this is tied to the outage, it appears to be Plex.tv / region related.
What I’m trying to discern now is which regional server is the problem or if multiple are.
When you look at your PMS logs (right after startup),
Which IP address does Event Source end up pointing to for “plex.tv” ?
can you tell me exactly which log shows that please?
The logs show successful certificate retrieval but failure by PMS to accept and use it.
Of the 3 pieces in that certificate download, one appears to be invalid. This is likely why PMS is not accepting it.
I am asking both teams now.
Great. Thank you very much
Running Linux yes, I did have a revoked certificate previously but I have restarted a million times, upgraded, made changes to the preference.xml file, signed oud and in again. this before I found this post. Now I am without cert completely.
openssl s_client -showcerts -connect 127.0.0.1:32400
CONNECTED(00000005)
write:errno=0
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 311 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Hi @ChuckPa , I think i’m getting the cert error with my Shield Android TV server.
Can you please reset the cert? Do I need to have it off or just reset it once you’re done?
Cheers,
Glenn.
I think im having same issue. Logs attached. Server is shut down
