Certificates in iOS 13?

Hello, I have a self-hosted Bitwarden server and I need a certificate for the Bitwarden iOS 13 app. See here: https://support.apple.com/en-us/HT210176. I have already created a certificate via OpenSSL (https://praxistipps.chip.de/openssl-zertifikat-erstellen-so-gehts_46492) that also works under Windows with Firefox etc., but unfortunately not under iOS 13 with the Bitwarden app. Can someone help me and tell me which certificate I need exactly?

Thanks for your help

Hi @Sasch

Checking that document, that's a standard self-signed certificate.

I'm not familiar with Bitwarden. Doesn't Bitwarden accept a self-signed certificate?

If you want to create a Let's Encrypt certificate, an ACME client is required to create such a certificate (not a list of manual steps).

Read

Then select a client.

You may use a Windows client and a manual option + http challenge, then you may copy the certificate to that Bitwarden.

But you have to do that every 60 - 85 days. So if it isn't a public webserver, a self-signed certificate may be the better solution.

2 Likes

How can I create a self-signed certificate according to Apple guidelines? Does anyone have documentation for me?

Copy your Windows self-signed certificate.

A certificate isn’t OS-specific. Why doesn’t that work with Bitwarden?

It works with Bitwarden, I can log on to the Windows PC. Only not with the Apple Bitwarden app.

Apple products have recently started enforcing stricter requirements, even on self-signed certificates. I would recommend trying https://github.com/FiloSottile/mkcert to create your self-signed certificate and see if that works.

4 Likes

Ah, thanks. Searched:

RSA min 2048 + SHA256.
The DNS name must be in the SAN-list, not only in the CN.

And two newer limitations:

TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.
TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).

4 Likes
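An added example, not posted by anyone in this thread: one way to generate a self-signed certificate with OpenSSL that meets the five requirements listed above, and to check an existing certificate against them. The function names, the file names and the host name `vault.example.lan` are placeholders; the check assumes GNU `date` for parsing the validity dates.

```shell
# Added example. make_ios13_cert / check_ios13_cert are hypothetical helper names.
make_ios13_cert() {  # usage: make_ios13_cert <dns-name> <out-dir> [days]
  name=$1; dir=$2; days=${3:-825}          # 825 days is the longest allowed validity
  cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $name
[v3]
subjectAltName = DNS:$name
extendedKeyUsage = serverAuth
EOF
  # RSA 2048 key, SHA-256 signature, SAN and EKU taken from the [v3] section
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days "$days" \
    -config "$dir/req.cnf" -keyout "$dir/server.key" -out "$dir/server.crt"
}

check_ios13_cert() {  # usage: check_ios13_cert <cert.pem> <dns-name>; returns 0 if all pass
  txt=$(openssl x509 -in "$1" -noout -text) || return 1
  rc=0
  # RSA key size (an EC key would need a different threshold)
  bits=$(printf '%s\n' "$txt" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: RSA key smaller than 2048 bits"; rc=1; }
  printf '%s\n' "$txt" | grep -qi 'Signature Algorithm:.*sha256' \
    || { echo "FAIL: signature is not SHA-256"; rc=1; }
  # The DNS name must appear in the SAN list, not only in the CN
  printf '%s\n' "$txt" | grep -A1 'Subject Alternative Name' \
    | grep -Eq "DNS:$2(,|[[:space:]]|\$)" || { echo "FAIL: $2 not in SAN list"; rc=1; }
  printf '%s\n' "$txt" | grep -q 'TLS Web Server Authentication' \
    || { echo "FAIL: EKU lacks id-kp-serverAuth"; rc=1; }
  # Validity period = NotAfter - NotBefore (GNU date assumed)
  start=$(date -d "$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)" +%s)
  end=$(date -d "$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)" +%s)
  [ $((end - start)) -le $((825 * 86400)) ] || { echo "FAIL: validity over 825 days"; rc=1; }
  return $rc
}
```

Run `make_ios13_cert vault.example.lan .` with the server's real DNS name, then `check_ios13_cert server.crt vault.example.lan`; the check also works on a certificate created some other way.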
