Android client login bitwarden, HTTPS cert problem

Android client login bitwarden issue.
error message:

Exception message: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

This problem will only appear on Android, not on the web or iOS.
SSL certificate authority is DigiCert.

Hi I have this problem now with Bitwarden.

Could you solve the problem and how?

I’m running the newest Bitwarden app 2.5.0 on a HUAWEI P20 lite with EMUI 9.1.0 and Android 9

I tried to uninstall and re-install but it doesn’t work…

Can somebody help?

I still haven’t solved this problem.
I have no idea…

I got support and it worked - here is the advice from Alex (Support from Bitwarden):

You will need to download the certificates at any time from the Bitwarden Cloud Web Vault. You will need to do it for both CA certs in the Chain, here is how to download the first Intermediate CA cert:

(two other pictures how to save the Certificate but I can only post one - will post them in a new answer)

Save the file as a DER Base64.

The Intermediate CA cert is the Cloudflare cert and the Root CA is the DigiCert cert, you need to install both following these steps: https://support.google.com/pixelphone/answer/2844832?hl=en

I hope this will also work for you! Let us know if it worked

Your method inspired me, here is my solution:
I downloaded the certificate of my domain, then I imported the certificate into my mobile phone. And it works!

How exactly did you do that? And having to do this at all for Android is nonsense.

Just a thought: what happens if you uninstall the BW app, then reinstall?

Uffff… for a while now getting the dreadful “Android security anchor error”.

Exception message: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Certificates for NAS self-hosting installed and worked for long… then error. Tried everything in the bug playbook… reinstalled Certs, updated server, uninstalled/re-installed app (both beta and released)… at no resort.

A proof that the certs in Android might be working is that I can connect securely over HTTPS using the web browser… but cannot log in through the Android app.

Extra note to Android users: it seems that Android phones no longer can install PEM Certs directly… but must convert format to P12 (also tried DER format, but no help).

Suggestions?!

Thx, Xant

SOLVED

  • ref: Android client using self-signed Let’s Encrypt for self-hosting

  1. Something changed
    Something has changed with recent Android updates: transferring one’s own generated certificates to Android previously worked… but no longer does.

    There is wrong information out there saying that Android no longer accepts self-signed certs by Let’s Encrypt… this is a myth and not true (more on this underneath).

  2. Anchor error and “need Private Key”
    Upon transferring self-signed certs by Let’s Encrypt to Android, one may face the Anchor error or a “need Private Key” pop-up message.

    There is wrong information out there saying that Android no longer accepts the PEM cert format, and that certs must be converted to DER or P12… another myth and not true. Android still accepts “proper” certificates by Let’s Encrypt, either PEM or DER.

  3. Solution
    Go to the Let’s Encrypt certificates webpage and download an INTERMEDIATE certificate (PEM or DER). There are different versions, but any should work.

    Let’s Encrypt Certificates - https://letsencrypt.org/certificates

Xant

1 Like
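
Added example (not part of any post above and not Bitwarden code): the fixes in this thread all amount to giving the Android client the intermediate CA certificate. This POSIX shell script builds a constructed root → intermediate → server chain with the openssl CLI and shows that validation fails when the intermediate is missing and succeeds once the server sends it or the client has it installed. Assumptions: openssl is installed, all names are made up, and openssl's verifier stands in for Android's.

```shell
#!/bin/sh
# Added example with a constructed PKI: every name and certificate is made up.

issue() {  # $1=dir $2=name $3=CN $4=issuer name $5=extension section
  openssl req -new -config "$1/x.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -CAcreateserial -days 2 -extfile "$1/x.cnf" -extensions "$5" \
    -out "$1/$2.pem" 2>/dev/null
}

build_pki() {  # $1 = empty work directory
  cat > "$1/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
  # Self-signed root: the only certificate the client trusts at first.
  openssl req -x509 -config "$1/x.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Constructed Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null || return 1
  # Root signs the intermediate; the intermediate signs the server certificate.
  issue "$1" int "Constructed Intermediate CA" root ca || return 1
  issue "$1" leaf "vault.example.test" int leaf
}

check() {  # $1 = dir, $2 = scenario; prints OK or FAIL
  case "$2" in
    leaf_only)         # server sends only its own cert, client trusts the root
      openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" ;;
    server_sends_int)  # server sends leaf + intermediate in the handshake
      openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" ;;
    int_installed)     # intermediate added to the client's trust store
      cat "$1/root.pem" "$1/int.pem" > "$1/store.pem"
      openssl verify -CAfile "$1/store.pem" "$1/leaf.pem" ;;
    *) false ;;
  esac >/dev/null 2>&1 && echo OK || echo FAIL
}

WORK=$(mktemp -d)
build_pki "$WORK" || { echo "openssl failed" >&2; exit 1; }
for s in leaf_only server_sends_int int_installed; do
  printf '%-17s %s\n' "$s" "$(check "$WORK" "$s")"
done
```

For a self-hosted server, the second scenario is the one to aim for: when the server sends the intermediate along with its own certificate, no client has to install anything.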