Native web server certificate generation instructions

[brianjmurrell]

It would be great if https://github.com/jellyfin/jellyfin-docs/blob/master/general/networking/letsencrypt.md had instructions for generating the pkcs12 certificate that Jellyfin needs when not using any kinds of reverse proxies.

I.e. how to create the pkcs12 file that goes into the network.xml <CertificatePath> config item.

I have tried openssl pkcs12 -export -password pass:foo -out certificate.pfx -inkey privkey.pem -in fullchain.pem and the resultingn .pfx file works on Chrome on Linux desktop but is considered insecure by Chrome on Android.

[brianjmurrell]

Ah ha!

Indeed, [re-]moving the *.pfx files in /var/lib/jellyfin/.dotnet/corefx/cryptography/x509stores/ca/ did resolve the problem and the above openssl command creates a working certifcate.

Still, adding the above instructions to that doc page would be useful. In the meanwhile I will go open a ticket about the above .pfx caching.