Allow Self-Signed Certificate

[NGC602]

There is currently no initial setting upon launching the app to skip Certificate Validation for self hosted servers with self signed certificates not authorized by Let’s Encrypt or other.
Is it possible to implement this feature so it can support LAN only (or over VPN) network configurations?

Thanks for your time

[NGC602]

Issue persists even after trusting the certificate and adding full trust in Root Store to the device being used to connect

[BLeeEZ]

Interesting. I thought after trusting the certificate and adding full trust the connection should be possible. There was already in the past a similar issue: #18
I am currently in vacation. I will take a look at this issue and try get further information.

[BLeeEZ]

In the meantime I read further about this topic and I am not sure how to fix it.
All I can find is to trust as root certificate (what you already did) and then it should work.
The error message you are getting displayed comes directly from the apple request manager (which handles all the https security mechanisms).

[RedS6X]

Same problem here... :(
Any idea how to fix this issue?

[BLeeEZ]

Apple has specific criteria for self signed certificates that must be met.
The criteria are listed here: https://support.apple.com/en-us/HT210176
Does your certificates fulfill these criteria?

[RedS6X]

Apple has specific criteria for self signed certificates that must be met.

The criteria are listed here: https://support.apple.com/en-us/HT210176

Does your certificates fulfill these criteria?

I have tried a lot of different configurations...
And that's all that I have for now.

Also tried this one:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001UxnCAE

As a result same image

Tomorrow maybe I'll have more time.

Thanks for your help :)

[RedS6X]

Hey @BLeeEZ Finally I got more time and I found the way to fit with Apple requirements.
This worked for me (Maybe someone will need it 🙏):
openssl req -x509 -nodes -newkey rsa:2048 -keyout local.key -out local.crt -days 825 \ -subj '/CN=Apple/C=UK/OU=Apple/O=Apple' \ -addext "keyUsage = digitalSignature, keyEncipherment, dataEncipherment, cRLSign, keyCertSign" \ -addext "extendedKeyUsage = serverAuth, clientAuth, 1.3.6.1.4.1.311.80.1" \ -addext "subjectAltName=DNS:Real Server DNS,IP:Real Server IP"

After this I got an "401" error and the stars aligned 😆, then I notice, you have updated the app with "Legacy Subsonic". So now everything works like a charm!

PS: Would be nice to get songs info/album image from ID3 Tags.

Best regards,
Thank you again the app is Great!

[BLeeEZ]

Really nice to hear.
Here is an open feature request which matches your request: #75
I will take a look at it soon.

[BLeeEZ]

The ID3 artwork will now be used (706e2e4).
It is available after the song is played the first time.