We want to self-host Bitwarden in our work environment and use the integration in ASG Remote-Desktop. This integration uses the CLI. But when I try to connect to our Bitwarden server with the CLI via PowerShell (or cmd) I get the following error:
We have our own CA that is trusted by all our client PCs via GPO. The certificate used for Bitwarden is generated from our CA and has no intermediates. Every method we want to use (browser extension, web access, desktop app) works, except the CLI.
I followed the best practice instructions for the installation and we are using the latest version.
If you need additional info, feel free to ask.
Has anyone had a similar problem or knows where I could have made a mistake?
When following the cat cert chain >> certificate.crt command, you might have reversed the order, and that would prevent BW from starting the nginx container.
Double check that when you append the cert, it goes cat server-cert intermediate-ca >> certificate.crt
Alternatively, if there are no intermediates, it may work to append your local CA to the ca.crt chain instead.
I had a similar issue recently. The fix above should work, but only partially.
The bw CLI is a Node.js application, which has a separate CA store when compared to the PC the app is run on. Even if the cert is trusted by your local machine, it might not be trusted by the command line.
You will need to define the following environment variable before being able to fully use the CLI: $env:NODE_EXTRA_CA_CERTS="C:\path\ca.pem"
C:\path\ca.pem represents the path towards your root CA, which must be stored locally on the PC that is trying to connect to the CLI. I’d suggest setting this up on your AD in the future, once everything works.
To apply this change to your machine as a whole, so that you don’t have to re-use the command every time you open a new PowerShell, the following command should work:
[Environment]::SetEnvironmentVariable('NODE_EXTRA_CA_CERTS', 'C:\path\ca.pem', 'Machine')
The params define the name, value and then the scope of the variable.
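A pre-check for the NODE_EXTRA_CA_CERTS setting described in the reply above, as an added example that is not part of the thread or of Bitwarden's own tooling. It verifies that the file is PEM encoded (the format Node.js expects for this variable), is marked as a CA and is within its validity period before setting the variable; the function name Set-NodeExtraCaCert is hypothetical and C:\path\ca.pem is the placeholder path from the thread.

```powershell
# Added example; the function name Set-NodeExtraCaCert is hypothetical.
function Set-NodeExtraCaCert {
    param(
        [Parameter(Mandatory)] [string] $Path,   # e.g. C:\path\ca.pem
        [switch] $Machine                        # also persist for the whole machine
    )

    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).Path

    # Node.js reads NODE_EXTRA_CA_CERTS as PEM; a DER-encoded .cer export will not load.
    $text = Get-Content -LiteralPath $full -Raw
    if ($text -notmatch '-----BEGIN CERTIFICATE-----') {
        throw "$full is not PEM encoded (no BEGIN CERTIFICATE header)."
    }

    # Parse the first certificate in the file and check it looks like a usable root CA.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full)
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    if (-not $bc -or -not $bc.CertificateAuthority) {
        throw "Certificate '$($cert.Subject)' is not marked as a CA; this may be the server certificate."
    }
    if ($cert.Subject -ne $cert.Issuer) {
        Write-Warning "Not self-signed: issued by '$($cert.Issuer)'. Use the root CA file."
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    $env:NODE_EXTRA_CA_CERTS = $full             # current session only
    if ($Machine) {
        # Writing the Machine scope needs an elevated session.
        [Environment]::SetEnvironmentVariable('NODE_EXTRA_CA_CERTS', $full, 'Machine')
    }
    Write-Host "NODE_EXTRA_CA_CERTS -> $full ($($cert.Subject), thumbprint $($cert.Thumbprint))"
}

# Placeholder path from the thread; add -Machine in an elevated session to persist it.
Set-NodeExtraCaCert -Path 'C:\path\ca.pem'
```

A Machine-scope value is only picked up by processes started after it is set, so reopen the shell (and restart the application that calls bw) before retesting.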