dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0

There is a problem connecting to the server - Android & Windows App #474

Closed 7uppi closed 4 years ago

7uppi commented 5 years ago

I want to use HTTPS on my localhosted bitwarden deployment running on a Raspberry Pi. I just can't seem to get it fully working.

My setup is as follows:

I have created my own certificate with OpenSSL since I am localhosting it, and there is nothing pointing out of the LAN.

My problem is that I can't get it to work on either the Android or the Windows app. The Android app gives me the following error: "An error has occurred. There is a problem connecting to the server", whereas the Windows app says: "An error occurred - Failed to fetch".

Everything is working fine in the browser. Both on Windows and Android.

I have noticed it had the same problem in the Chrome extension, but when I loaded up the website of the localhosted bitwarden and accepted the risk, since it doesn't trust the certificate, everything worked fine in the Chrome extension. Therefore I thought I would just go ahead and download the certificate and install it on both the phone and the Windows machine, and everything would work. It turned out it wasn't that easy. I still cannot access my database from either of the apps.

Here are the commands I have used for the different stuff.

Create OpenSSL certificate and key:

```
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/bw-docker/ssl/private/bitwarden-selfsigned.key \
  -out /etc/bw-docker/ssl/certs/bitwarden-selfsigned.crt
```

Starting the container with this command:

```
docker run -d --name bitwarden --restart always \
  -v /etc/bw-docker/bw-data/:/data/ \
  -v /etc/bw-docker/ssl/:/ssl/ \
  -e ROCKET_TLS='{certs="/ssl/cert/bitwarden-selfsigned.crt",key="/ssl/key/bitwarden-selfsigned.key"}' \
  -e SIGNUPS_ALLOWED=false \
  -e INVITATIONS_ALLOWED=false \
  -e ADMIN_TOKEN=**** \
  -p 443:80 mprasil/bitwarden:raspberry
```

This is kind of where I am stuck, and would like some help. If you need more information, just ask :)

sitic commented 5 years ago

The Windows bitwarden app is built with Electron and the Android app with Xamarin. I don't know for sure, but they both might ship with their own Certificate Trust Store, making it impossible to import a self-signed cert without code changes and repackaging the apps.

An alternative would be to generate a valid letsencrypt-signed cert. The server does not need to be accessible from the outside to do this; you can have a domain pointing to the internal IP and then use the letsencrypt dns-validation to generate the cert. If you don't own a domain, you could use a free DDNS service such as duckdns (see this for use with letsencrypt's certbot dns-01 challenge) to do this.

dagavi commented 5 years ago

I suppose that you will need to add your cert to Android to trust this cert.

Edit: And ensure that you generate your cert with CN=IP of the machine / name [if you can use names]

7uppi commented 5 years ago

> The Windows bitwarden app is built with Electron and the Android app with Xamarin. I don't know for sure, but they both might ship with their own Certificate Trust Store, making it impossible to import a self-signed cert without code changes and repackaging the apps.
>
> An alternative would be to generate a valid letsencrypt-signed cert. The server does not need to be accessible from the outside to do this; you can have a domain pointing to the internal IP and then use the letsencrypt dns-validation to generate the cert. If you don't own a domain, you could use a free DDNS service such as duckdns (see this for use with letsencrypt's certbot dns-01 challenge) to do this.

But I will have to use a hostname on the raspberry, am I right? Or do I just need to use the DDNS domain name, and then everything would maybe work? I just don't get how it knows that it is for the raspberry, and not just for the DDNS, but will look into it. Thanks

7uppi commented 5 years ago

> I suppose that you will need to add your cert to Android to trust this cert.
>
> Edit: And ensure that you generate your cert with CN=IP of the machine / name [if you can use names]

I have already tried this, and this is also what I would say would work, but that is apparently not the case. Thanks for the idea though :)

Baeen commented 4 years ago

I had the same issue with the Android mobile app not connecting to my instance of bitwarden_rs running self-signed certs, but resolved it by importing my CA's certificate into Android. I had to import it under "Lock screen & security" -> "Install from device memory/SD card" with the credential use setting for "VPN and apps".
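
The approach in the comment above needs a CA certificate to import and a server certificate that chains to it. As an added example (not from this thread or from the project), the script below builds both with openssl and lists the server address in subjectAltName, on the assumption that the clients match the address against that field; the IP `192.168.1.50`, the name `bitwarden.lan`, the CA subject and all file names are constructed.

```shell
#!/bin/sh
# Added example. The IP, host name, subject names and file names are constructed.
set -eu

issue_cert() {   # $1 = output dir, $2 = server IP, $3 = server DNS name
    d=$1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home Lab Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    # Extensions for the server certificate: not a CA, and the address the
    # clients connect to is listed in subjectAltName (IP and DNS entries).
    cat > "$d/server.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$2, DNS:$3
EOF
    # 1. Root CA: ca.crt is the file to import on the phone or PC.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$d/ca.cnf" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # 2. Server key and signing request.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=$3" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    # 3. The CA signs the request; server.crt and server.key are what the
    #    server is configured with (ROCKET_TLS in the command in this thread).
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$d/server.ext" \
        -out "$d/server.crt" 2>/dev/null
    chmod 600 "$d/ca.key" "$d/server.key"
}

verify_cert() {  # $1 = dir, $2 = IP the client will connect to
    # The chain must verify against the CA, and the IP must be in the SAN.
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver "$1/server.crt" \
        >/dev/null 2>&1 &&
    openssl x509 -in "$1/server.crt" -noout -checkip "$2" | grep -q 'does match'
}

OUT=$(mktemp -d)
issue_cert "$OUT" 192.168.1.50 bitwarden.lan
verify_cert "$OUT" 192.168.1.50 && echo "OK: $OUT/ca.crt $OUT/server.crt"
```

Only `ca.crt` is installed on the client devices; `ca.key` stays off the server and off the clients, since anyone holding it can issue certificates those devices will trust.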

dani-garcia commented 4 years ago

Closed due to inactivity.