Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Yeah that’s true.
It’s not a root certificate, and I’ve never seen any warnings.
You need the web site to use a certificate from the same root authority as your client certificate. Otherwise browsers won’t present the certificate to the server. That means either warnings on connect or adding the root cert.
I do think if you are doing it with them in person it is doable to add it.
I’m not sure if I’ve misunderstood you, but I use Lets Encrypt for the server’s TLS, and then my own CA cert (which is only present on the webserver) for the client’s mTLS and everything works fine, since it’s the client that validates the server’s cert and the server that validates the client’s cert.