If you run your own Plex server it would be nice to not get a certificate error when you surf to it in your browser. You could use something like Lets Encrypt if your server is publicly available but I wouldn’t recommend having your Plex server publicly available. So what I have done is created a custom top level domain that is local to my network so I have an easy to remember host name. But that also means I have to create my own certificate authority.
I’m not going to go into have to setup a custom top level domain or create your own local certificate authority here. Instead we will focus on how to setup Plex with your certificate once you have it.
I run Plex in an iocage jail on TrueNAS so I will create the following folder where I will store the certificate and key.
mkdir -p /usr/local/plexdata-plexpass/cert/
In there I will create the following files.
The certificate goes in the crt-file and the key goes in the key-file.
Plex can’t read these files though so we have to convert them to the PKCS12 format which Plex do read. To do that make sure you first stand in the cert-folder and then you can use openssl to create the PKCS12 file.
cd /usr/local/plexdata-plexpass/cert openssl pkcs12 -export -passout pass: -out keyStore.p12 -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256 -inkey myhostname.key -in myhostname.crt
Make sure that all the files are owned by the Plex user.
chown -R plex: /usr/local/plexdata-plexpass/cert/
Now go the your Plex admin interface in your browser and go to
Settings. There you have an option for Custom certificate location, in my case I will enter the following path there.
Save the settings and restart the Plex server, in my case I just restart the jail.