search

dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0
36.3k stars 1.76k forks source link

Update wiki Private CA/Self Signed certs #814

Closed stshontikidis closed 4 years ago

stshontikidis commented 4 years ago

Subject of the issue

Wiki entry on working with private CA issuers and self signed certs has some example commands that are no longer valid for iOS 13 and macOS 10.15. https://support.apple.com/en-us/HT210176 Wiki should reflect that valid server certificate can not have expiry > 825 and ExtendedKeyUsage = Server Authentication

I did a little writeup here https://www.reddit.com/r/Bitwarden/comments/ep9qyz/self_signed_certs_iosmacos_issue_solved/

Your environment

Steps to reproduce

Followed steps in wiki https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome and then add certs to iOS >= 13.0.

Expected behaviour

SSL handshake should be successful

Actual behaviour

iOS app has generic server connection error

Relevant logs

nginx 2020/01/15 16:12:31 [info] 13834#13834: 44031 peer closed connection in SSL handshake while SSL handshaking, client: 192.168.1.42, server: 0.0.0.0:443 2020/01/15 16:13:25 [info] 13834#13834: 44032 peer closed connection in SSL handshake while SSL handshaking, client: 192.168.1.42, server: 0.0.0.0:443

stshontikidis commented 4 years ago

I am willing to update the wiki but I am not involved in the project and did not just want to edit unannounced.

dani-garcia commented 4 years ago

Yeah of course, I'd appreciate if you could update the wiki to include the info you mention, thanks!

stshontikidis commented 4 years ago

Made the small update to ext file and server cert command, along with note to source of apple requirements. Take a look and I think we can close this thread.

dani-garcia commented 4 years ago

Looks good to me, thanks!