I tried to deploy a domain-certificate instead of a self-signed one, but it doesn’t work.
Here is what I did: I created a 4096 SHA 256 certificate with SAN attributes for my server “myserver”. I opened the certificate (base64) with notepad and copied the certificates of my intermediate-ca and root-ca into the file, so the file contains: servercertificate, intermediate-ca certificate, root-ca certificate (in that order). I also merged my intermediate-ca- and root-ca-certificates into one file (intermediate first, root second). So I have three files:
- my servercertificate (containing also intermediate-ca-cert and root-ca-cert)
- my server-key
- my ca-certificates (containing intermediate-ca-cert and root-ca-cert)
I create a directory named /etc/ssl/self/myserver/ (sudo mkdir) and I create these three files
sudo vi /etc/ssl/self/myserver/myserver.crt
copy & paste my servercertificate
sudo vi /etc/ssl/self/myserver/myserver.key
copy & paste my server-key
sudo vi /etc/ssl/self/myserver/root.crt
copy & paste the intermediate-/root-ca-cert
After that, I logon as bitwarden
su bitwarden
cd ~
And I edit the bwdata-config-file
ssl_certificate_path: /etc/ssl/self/myserver/myserver.crt
ssl_key_path: /etc/ssl/self/myserver/myserver.key
ssl_ca_path: /etc/ssl/self/myserver/root.crt
After that I recompile bitwarden and restart it
./bitwarden.sh rebuild
./bitwarden.sh start
And SSL is broken. I can access my site via http but not via https anymore.
I tried to use different paths for the certificates:
./bwdata/ssl/myserver/myserver.crt
./bwdata/ssl/myserver/myserver.key
./bwdata/ssl/myserver/root.crt
But that didn’t work either.
I tried to do as told in Certificate Options | Bitwarden Help & Support, but I can’t make it work.
- What are the correct places for domain-certificates?
- How should the cert-files look like?
- Which config-files have to be edited?
PS: My server-certificate looks like this (here shortened), with the servercertificate at first, following the intermediate-ca-cert and the root-ca-cert at the bottom:
-----BEGIN CERTIFICATE-----
MIIHWzCCBkOgAwFBAgITcAAAAXi+pvlAFClpBgACAAABeDANBgkqhkiG9w0BAQsF
(...)
ZKqOm2p+OhRAh+owoN6NWWhYwsnQA+ghVad8ZWKPFKUTYgLUHN2muVxw5P7eJj72
Pqp2tEujumfSNZlG+AvU
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIPuzCCA6OgAwIBAgITHAAAAAYH9eLxQSPpTAABAAAABjANBgkqhkiG9w0BAQsF
(...)
OMLwRRMs5MG5PDYJDTMqZ+H9ObumUbBNRKR21FdGoQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFxjCCA6agAwIBAgIQGWzKrvC6PItCk6IgbXhXWTANBgkqhkiG9w0BAQsFADBf
(...)
WxThbqxrahUwn6dV4Qbuo3RyoO+24p4dMHyQTsufqTdWRw==
-----END CERTIFICATE-----