I know this is not a Bitwarden issue, but perhaps one or more people here have set up an on prem Bitwarden instance the way I have mine set up and might have some suggestions.
I wanted my Bitwarden on prem server to only be accessible internally - no outside access other than over VPN. That being said, I set it all up using an internal .local FQDN. I used Active Directory Certificate services to generate a server certificate for the Bitwarden servers internal FQDN, and made sure the root CA is installed on my PC (I believe it automatically populates in the certificate store because it’s joined to the domain) and on my PC, everything’s fine. IE (for testing) doesn’t complain at all, the certificate chain is happy and the certificate status is listed as ‘OK’. Brave complains about it being ‘not secure’, probably because it uses some form of its own certificate store like Firefox does, but most importantly, the Bitwarden plugin for Brave is happy - logged in to the local server just fine, so I GUESS it’s using the WINDOWS cert store, not the Brave cert store.
Here’s where I’m lost: My Android phone (and I might have similar issues with apple devices if up upgrade to a family plan and provide it for my family). For work, we have an Avaya IP Office phone system, and part of that is a session border controller that our desk phones connect to and we can also use an android or ios soft client to connect. This is very reliant on certificates. The certificates from the root CA certificate down to the web server certificate are all self generated/signed in either the IPO or the SBC. There is a procedure for installing root CA certificates on Android, which I did for the phone system, and Brave is happy when going to that URL. I did the same procedure to install the root certificate from my AD domain controller on my phone, it shows up right under the Avaya certificate, but even with a reboot, it isn’t liking the certificate for the Bitwarden server. Brave complains like it does on my PC, but on the phone, so does the Bitwarden client.
Does anyone have any thoughts as to why the Android isn’t liking the certificate, despite installing the AD root CA certificate in the same manner as the Avaya certificate, but the Windows machine is completely satisfied with it provided the CA certificate is installed?