Closed 7uppi closed 4 years ago
The Windows bitwarden app is built with Electron and the Android app with Xamarin. I don't know for sure, but they both might ship with their own certificate trust store, making it impossible to import a self-signed cert without code changes and repackaging the apps.
An alternative would be to generate a valid letsencrypt-signed cert. The server does not need to be accessible from the outside to do this; you can have a domain pointing to the internal IP and then use the letsencrypt DNS validation to generate the cert. If you don't own a domain, you could use a free DDNS service such as duckdns (see this for use with letsencrypt's certbot dns-01 challenge) to do this.
I suppose that you will need to add your cert to Android to trust this cert.
Edit: And ensure that you generate your cert with CN=IP of the machine / name [if you can use names]
> The Windows bitwarden app is built with Electron and the Android app with Xamarin. I don't know for sure, but they both might ship with their own certificate trust store, making it impossible to import a self-signed cert without code changes and repackaging the apps.
> An alternative would be to generate a valid letsencrypt-signed cert. The server does not need to be accessible from the outside to do this; you can have a domain pointing to the internal IP and then use the letsencrypt DNS validation to generate the cert. If you don't own a domain, you could use a free DDNS service such as duckdns (see this for use with letsencrypt's certbot dns-01 challenge) to do this.
But I will have to use a hostname on the raspberry, am I right? Or do I just need to use the DDNS domain name, and then everything would maybe work? I just don't get how it knows that it is for the raspberry, and not just for the DDNS, but will look into it. Thanks
> I suppose that you will need to add your cert to Android to trust this cert.
> Edit: And ensure that you generate your cert with CN=IP of the machine / name [if you can use names]
I have already tried this, and this is also what I would say would work, but that is apparently not the case. Thanks for the idea though :)
I had the same issue with the Android mobile app not connecting to my instance of bitwarden_rs running self-signed certs, but resolved it by importing my CA's certificate into Android. I had to import it under "Lock screen & security" -> "Install from device memory/SD card" with the credential use setting for "VPN and apps".
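The CA import described in the comment above, together with the earlier advice to put the machine's IP or name in the certificate, as an added example that is not part of the original thread. It creates a private CA and a server certificate whose subjectAltName lists the address, then shows that OpenSSL's IP check reads subjectAltName and ignores CN. The address 192.168.1.50, the name bitwarden.lan and all file names are constructed.

```shell
#!/bin/sh
# Added example. Constructed values: 192.168.1.50, bitwarden.lan, all file names.

# make_lan_pki DIR IP NAME: private CA plus a server cert with IP and NAME in its SAN.
make_lan_pki() {
  dir=$1 ip=$2 name=$3
  mkdir -p "$dir" || return 1
  cat > "$dir/ca.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = Home LAN CA (example)
[ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  cat > "$dir/server.ext" <<EOF
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = IP:$ip,DNS:$name
EOF
  # ca.crt is the file to import on clients; ca.key never leaves this machine.
  openssl req -x509 -nodes -newkey rsa:2048 -days 365 -config "$dir/ca.cnf" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  openssl req -new -nodes -newkey rsa:2048 -config "$dir/ca.cnf" -subj "/CN=$name" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 365 -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null
}

# make_cn_only DIR IP: self-signed cert that carries the address only in CN (no SAN).
# Reuses DIR/ca.cnf, so call make_lan_pki first.
make_cn_only() {
  openssl req -x509 -nodes -newkey rsa:2048 -days 365 -config "$1/ca.cnf" \
    -subj "/CN=$2" -keyout "$1/cn-only.key" -out "$1/cn-only.crt" 2>/dev/null
}

# trusted_for CAFILE CERT IP: true only if CERT chains to CAFILE and its SAN lists IP.
trusted_for() {
  openssl verify -CAfile "$1" -verify_ip "$3" "$2" >/dev/null 2>&1
}
```

In this layout `server.crt` and `server.key` are the files `ROCKET_TLS` would point at, and `ca.crt` is the one to import on the phone or PC.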
Closed due to inactivity.
I want to use HTTPS on my localhosted bitwarden deployment running on a Raspberry Pi. I just can't seem to get it fully working.
My setup is as follows:
I have created my own certificate with OpenSSL since I am localhosting it, and there is nothing pointing out of the LAN.
My problem is that I can't get it to work on either the Android or the Windows app. The Android app gives me the following error: "An error has occurred. There is a problem connecting to the server", whereas the Windows app says: "An error occurred - Failed to fetch".
Everything is working fine in the browser. Both on Windows and Android.
I noticed it had the same problem in the Chrome extension, but when I loaded up the website of the localhosted bitwarden and accepted the risk, since it doesn't trust the certificate, everything worked fine in the Chrome extension. Therefore I thought I would just go ahead and download the certificate and install it on both the phone and the Windows machine, and everything would work. It turned out it wasn't that easy. I still cannot access my database from either of the apps.
Here are the commands I have used.
Create OpenSSL certificate and key:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/bw-docker/ssl/private/bitwarden-selfsigned.key -out /etc/bw-docker/ssl/certs/bitwarden-selfsigned.crt
Starting the container with this command:
docker run -d --name bitwarden --restart always -v /etc/bw-docker/bw-data/:/data/ -v /etc/bw-docker/ssl/:/ssl/ -e ROCKET_TLS='{certs="/ssl/cert/bitwarden-selfsigned.crt",key="/ssl/key/bitwarden-selfsigned.key"}' -e SIGNUPS_ALLOWED=false -e INVITATIONS_ALLOWED=false -e ADMIN_TOKEN=**** -p 443:80 mprasil/bitwarden:raspberry
This is kind of where I am stuck, and would like some help. If you need more information, just ask :)