Added SSL tips from comment from Sonar Developer, Markus. https://forums.sonarr.tv/t/sonarr-ssl-synology-client-cert-mono-upgrade-solution/9786/2

2024-11-25 04:02:48 +01:00 · 2017-04-18 07:23:53 -06:00 · 2017-04-18 07:23:53 -06:00 · ee7af9fc93
commit ee7af9fc93
parent 94853befe7
1 changed files with 10 additions and 1 deletions
--- a/SSL.md
+++ b/SSL.md
@ -77,4 +77,13 @@ _If you're not running Sonarr on a Synology, skip these steps_
 ## Generate a Self-signed Certificate ##

    openssl genrsa -out yourdomain.key 2048
-    openssl req -new -x509 -key yourdomain.key -out yourdomain.cert -days 3650 -subj /CN=yourdomain
+    openssl req -new -x509 -key yourdomain.key -out yourdomain.cert -days 3650 -subj /CN=yourdomain
+
+
+## Important Notes Regarding Certificate Usage ##
+There are two issues with mono and SSL:
+
+1. New ciphers aren't supported so some browsers block the connections by default (chrome and FF both do this)
+Mono doesn't support intermediate certificates, which results in a broken chain and the browsers end up requesting a client certificate
+
+2. The second issue can be mitigated by using a certificate chain that doesn't have an intermediate certificate, but most CAs use an intermediate certificate (at least the trusted public ones), which means it leaves you to a self signed certificate. The easiest solution for the time being is a reverse proxy with nginx or apache.