Android client login bitwarden, HTTPS cert problem

Android client login bitwarden issue.
error message:

Exception message: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

This problem will only appear on Android, not on the web or iOS.
SSL certificate authority is DigiCert.

1 Like

Hi I have this problem now with Bitwarden.

Could you solve the problem and how?

I’m running the newest Bitwarden app 2.5.0 on a HUAWEI P20 lite with EMUI 9.1.0 and Android 9

I tried to uninstall and re-install but it doesn’t work…

Can somebody help?

I still haven’t solved this problem.
I have no idea…

I got support and it worked - here is the advice from Alex (Support from Bitwarden):

You will need to download the certificates at any time from the Bitwarden Cloud Web Vault. You will need to do it for both CA certs in the Chain, here is how to download the first Intermediate CA cert:

[Screenshot: F525C5EF-4995-41A6-8203-4F85417C058A]

(two other pictures how to save the Certificate but I can only post one - will post them in a new answer)

Save the file as a DER Base64.

The Intermediate CA cert is the Cloudflare cert and the Root CA is the DigiCert cert, you need to install both following these steps: https://support.google.com/pixelphone/answer/2844832?hl=en

I hope this will also work for you! Let us know if it worked

Your method inspired me, here is my solution:
I downloaded the certificate of my domain, then I imported the certificate into my mobile phone. And it works!

How exactly did you do that? And having to do this at all for Android is nonsense.

1 Like

Just a thought, what happens if you uninstall the BW app, then reinstall?

Uffff… for a while now getting the dreadful “Android security anchor error”.

Exception message: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Certificates for NAS self-hosting were installed and worked for a long time… then error. Tried everything in the bug playbook… reinstalled Certs, updated server, uninstalled/re-installed app (both beta and released)… to no avail.

A proof that the Certs in Android might be working is that I can connect securely over HTTPS using the Web Browser… but cannot log in through the Android App.

Extra note to Android users: it seems that Android phones can no longer install PEM Certs directly… but must convert the format to P12 (also tried DER format, but no help).

Suggestions?!

Thx, Xant

SOLVED

  • ref: Android client using self-signed Let’s Encrypt for self-hosting
  1. Something changed
    Something has changed with recent Android updates: transferring one’s own generated Certificates to Android indeed worked previously… but no longer.

There is wrong information out there that says Android no longer accepts self-signed certs by Let’s Encrypt… this is a myth and not true (more on this underneath).

  2. Anchor error and “need Private Key”
    Upon transferring self-signed certs by Let’s Encrypt to Android, one may face the Anchor error or a “need Private Key” pop-up message.

There is wrong information out there that says Android no longer accepts the PEM cert format, and that certs must be converted to DER or P12… another myth and not true. Android still accepts “proper” certificates by Let’s Encrypt, either PEM or DER.

  3. Solution
    Go to Let’s Encrypt certificates webpage and download an INTERMEDIATE Certificate (PEM or DER). There are different versions, but any should work.

Let’s Encrypt Certificates - https://letsencrypt.org/certificates

Xant

3 Likes

To resolve this, you need to combine all SSL certs in a single .pem file. The single PEM file should consist of your SSL cert + intermediate SSL cert. By doing this, you don’t need to manually import the SSL cert to your mobile device anymore.

  1. Solution
    Go to Let’s Encrypt certificates webpage and download an INTERMEDIATE Certificate (PEM or DER). There are different versions, but any should work.

I confirm this worked for me too. Thank you!!!

I have no idea why this stopped working a few weeks ago.

It does nothing. I’ve reinstalled Bitwarden on my Motorola 2022 Stylus 5G several times. Never fixed it. Before I logged out, the app wouldn’t even sync with my other vaults on the PC and my Samsung S10 (yes, I still use the AMAZING S10 model).

This is ridiculous. Certificates should be downloaded upon installation of the application or an update. We’re being forced into developer work for free. What if I paid for a subscription? Would that afford me a fix?

Update: I did some digging and discovered some of my certificate permissions had been switched off. Somehow this prevented reinstallation of the Bitwarden app turning the cert permissions back on. After careful inspection and some changes, the bitwarden app has been restored to full operation.

If you use zerossl, I fixed this by concatenating my “certificate.crt” and “ca_bundle.crt” to a new “certificate2.crt” file.

cat certificate.crt ca_bundle.crt >> certificate2.crt

Then using certificate2.crt in my nginx config instead of certificate.crt.

Is importing the root_bundle.crt the only way to resolve the certificate error issue in the Bitwarden Android client?
Is there any other, more convenient way?
@jandm
Also I have tried using cat certificate.crt ca_bundle.crt >> certificate2.crt and using certificate2.crt instead of certificate.crt in nginx config file. This causes my bitwarden-nginx container to fail to start properly with Restarting (1) 1 second ago
@T_C_Koay
I tried using the PEM file, but it still causes my Bitwarden-NGINX container to display “Restarting (1) 1 second ago.” I’m not sure if it’s due to a configuration issue preventing the container from starting.
In bwdata/config.yml

ssl_certificate_path: /etc/ssl/mydomain/certificate.pem
ssl_key_path: /etc/ssl/mydomain/private.key

or in /bwdata/nginx/default.conf

server {
  # ...
  ssl_certificate /etc/ssl/mydomain/certificate.pem;
  ssl_certificate_key /etc/ssl/mydomain/private.key;
  ssl_trusted_certificate /etc/ssl/mydomain/certificate.pem;
  # ...
}

@Xant posted the solution. Can confirm this working as of August 12, 2023. Grabbed the Certificate file from the link and just added it into Android. To be clear, I didn’t need to edit the certificate or anything and it came in as a “lets-encrypt-r3.pem” file to my PC. I moved the file to my phone and added it in the Settings, Security. Instantly started working.
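
The server-side fix several replies describe (one PEM file holding the site certificate plus its intermediate) can be checked on the server before any phone is involved. The script below is an added example, not code from this thread or from Bitwarden: it generates a throwaway root, intermediate and leaf (all constructed; `vault.example.test` and the function names are hypothetical) and shows that a client trusting only the root cannot build a path from the leaf alone, but can from the full chain.

```bash
#!/usr/bin/env bash
# Added example. Constructed PKI: every key, name and cert is generated locally.
set -eu

make_demo_pki() {  # $1 = empty work dir; writes root.crt, int.crt, leaf.crt
  local d=$1
  printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=unused\n' > "$d/demo.cnf"
  printf '[v3_demo_ca]\nbasicConstraints=critical,CA:TRUE\n' >> "$d/demo.cnf"
  openssl req -x509 -config "$d/demo.cnf" -extensions v3_demo_ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -set_serial 2 \
    -days 2 -extfile "$d/demo.cnf" -extensions v3_demo_ca -out "$d/int.crt" 2>/dev/null
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=vault.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" -set_serial 3 \
    -days 2 -out "$d/leaf.crt" 2>/dev/null
}

build_fullchain() {  # $1 = leaf, $2 = intermediate(s), $3 = output file
  # '>' rather than '>>' so a rerun does not stack duplicate certs; the echo keeps a
  # missing final newline from fusing the END and BEGIN markers into one broken line.
  { cat "$1"; echo; cat "$2"; } > "$3"
}

count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

client_can_build_path() {  # $1 = client trust store (roots), $2 = PEM the server presents
  # openssl verify checks the first cert in $2; -untrusted offers every cert in $2 as
  # chain-building material, like the certificates received in a TLS handshake.
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo() {
  local d r served
  d=$(mktemp -d)
  make_demo_pki "$d"
  build_fullchain "$d/leaf.crt" "$d/int.crt" "$d/fullchain.pem"
  for served in leaf.crt fullchain.pem; do
    if client_can_build_path "$d/root.crt" "$d/$served"; then r=OK; else r=FAIL; fi
    echo "$served: $(count_certs "$d/$served") cert(s), path to trusted root: $r"
  done
  rm -rf "$d"
}
demo
```

Against real files, pass the CA's root certificate as the first argument and the file named in `ssl_certificate` as the second; FAIL with a count of 1 means the server is presenting the leaf without its intermediate.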