Certificate update

I’m running Bitwarden self hosted with the Linux client using self signed certs. It runs as a Snap. Its taken a long time to figure out how to get the bitwarden desktop client working as snaps do not use the system certificate store. Some feedback:

  1. Update the Certificate Options | Bitwarden Help Center page. It links to chromium documentation telling the user to run the certutil command to add the cert to Bitwarden. However, it doesn’t tell the user WHERE the Bitwarden certificate store is located: $HOME/bitwarden/version/.pki/nssdb. Maybe update the document to point the user to the files that need updating?

  2. The cert store being kept in a versioned directory implies that when bitwarden releases the next version of the client I’m going to have to re-add my trusted root again, which isn’t the greatest user experience. Can the cert store be managed someplace that isn’t version dependent? $HOME/snap/bitwarden/common maybe? That would align it to where the Firefox snap puts its profile files.

  3. Why does Bitwarden have its own cert store versus using the system store? In an enterprise environment that has its own PKI setup, this would be very painful to deploy. If it can use the system cert store (or at least automatically pull in enterprise certs) that would make it easier.

Thanks!