Sasch
January 31, 2020, 5:41pm
1
Hello, I have a self-hosted Bitwarden server and I need a certificate for the Bitwarden iOS 13 app. See here: https://support.apple.com/en-us/HT210176 I have already created a certificate via OpenSSL ( https://praxistipps.chip.de/openssl-zertifikat-erstellen-so-gehts_46492 ) that also works under Windows with Firefox etc., but unfortunately not under iOS 13 with the Bitwarden app. Can someone help me and tell me which certificate I need exactly?
Thanks for your help
Hi @Sasch
Checking that document, that's a standard self-signed certificate.
I'm not familiar with Bitwarden. Doesn't Bitwarden accept a self-signed certificate?
If you want to create a Let's Encrypt certificate, an ACME client is required to create such a certificate (not a list of manual steps).
Read
Then select a client.
You may use a Windows client and a manual option + HTTP challenge, then you may copy the certificate to that Bitwarden.
But you have to do that every 60 - 85 days. So if it isn't a public webserver, a self-signed certificate may be the better solution.
2 Likes
Sasch
January 31, 2020, 5:56pm
3
How can I create a self-signed certificate according to Apple guidelines? Does anyone have documentation for me?
Copy your Windows self-signed certificate.
A certificate isn’t OS-specific. Why doesn’t that work with Bitwarden?
Sasch
January 31, 2020, 6:01pm
5
It works with Bitwarden, I can log on to the Windows PC. Only not with the Apple Bitwarden app.
jsha
January 31, 2020, 6:14pm
6
Apple products have recently started enforcing stricter requirements, even on self-signed certificates. I would recommend trying https://github.com/FiloSottile/mkcert to create your self-signed certificate and see if that works.
4 Likes
Ah, thanks. Searched:
RSA min 2048 + SHA256.
The DNS name must be in the SAN-list, not only in the CN.
And two newer limitations:
TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.
TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).
4 Likes
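The requirements listed in the post above, turned into an added example that is not part of the original thread: one function generates a self-signed certificate that satisfies them with plain OpenSSL, the other checks any existing certificate against the same list. The hostname `vault.home.test`, the file names and the function names are constructed; the script assumes OpenSSL 1.1.1 or later and GNU `date`.

```shell
#!/usr/bin/env bash
# Added example. Hostname and file names are constructed placeholders.
# Assumes OpenSSL 1.1.1+ and GNU date. The private key is written unencrypted.

# make_cert <dns-name> <out-dir>: RSA-2048/SHA-256 self-signed cert with SAN,
# serverAuth EKU and an 825-day validity period.
make_cert() {
  local name=$1 dir=$2
  cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $name
[v3]
subjectAltName = DNS:$name
extendedKeyUsage = serverAuth
EOF
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 825 \
    -config "$dir/req.cnf" -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# check_cert <cert.pem> <dns-name>: prints every rule the cert breaks;
# returns 0 only if all rules from the list above hold.
check_cert() {
  local cert=$1 name=$2 text bits nb na rc=0
  text=$(openssl x509 -in "$cert" -noout -text) || return 2
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n1)
  [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: RSA key under 2048 bits"; rc=1; }
  printf '%s\n' "$text" | grep -qi 'Signature Algorithm: sha256' ||
    { echo "FAIL: not signed with SHA-256"; rc=1; }
  printf '%s\n' "$text" | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$name" ||
    { echo "FAIL: $name missing from SAN list"; rc=1; }
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' ||
    { echo "FAIL: EKU lacks id-kp-serverAuth"; rc=1; }
  nb=$(date -d "$(openssl x509 -in "$cert" -noout -startdate | cut -d= -f2)" +%s)
  na=$(date -d "$(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)" +%s)
  [ $(( na - nb )) -le $(( 825 * 86400 )) ] || { echo "FAIL: validity over 825 days"; rc=1; }
  return $rc
}

# Demo: generate into a temp directory, then verify.
demo_dir=$(mktemp -d)
make_cert vault.home.test "$demo_dir" && check_cert "$demo_dir/cert.pem" vault.home.test &&
  echo "OK: $demo_dir/cert.pem meets the listed requirements"
```

Running `check_cert` against a certificate that already works in a desktop browser shows which of the rules it breaks; each failing rule is printed on its own line.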
system
Closed
March 1, 2020, 6:20pm
8
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.