Certificates in iOS 13?

Hello, I have a self-hosted Bitwarden server and I need a certificate for the Bitwarden iOS 13 app. See here https://support.apple.com/en-us/HT210176 I have already created a certificate via OpenSSL https://praxistipps.chip.de/openssl-zertifikat-erstellen-so-gehts_46492 that also works under Windows with Firefox etc. But unfortunately not under iOS 13 with Bitwarden app. Can someone help me and tell me which certificate I need exactly?

Thanks for your help

Hi @Sasch

checking that document that’s a standard self signed certificate.

I’m not firm with Bitwarden. Doesn’t Bitwarden accept a self signed certificate?

If you want to create a Letsencrypt certificate, an ACME-client is required to create such a certificate (not a list of manual steps).


Then select a client.

You may use a windows client and a manual option + http challenge, then you may copy the certificate to that Bitwarden.

But you have to do that every 60 - 85 days. So if it isn’t a public webserver, a self signed certificate may be the better solution.


How can I create a self-signed certificate according to Apple guidelines? Does anyone have a documentary for me?

Copy your Windows self signed certificate.

A certificate isn’t OS-specific. Why doesn’t that work with Bitwarden?

It works with Bitwarden, I can log on to the Windows PC. Only with the Apple Bitwarden app not.

Apple products have recently started enforcing stricter requirements, even on self-signed certificates. I would recommend trying https://github.com/FiloSottile/mkcert to create your self-signed certificate and see if that works.


Ah, thanks. Searched:

RSA min 2048 + SHA256.
The DNS name must be in the SAN-list, not only in the CN.

And two newer limitations:

TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.
TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.