Deploying domain-certificate fails

Hello,

I tried to deploy a domain-certificate instead of a self-signed one, but it doesn’t work.

Here is what I did: I created a 4096 SHA 256 certificate with SAN attributes for my server “myserver”. I opened the certificate (base64) with notepad and copied the certificates of my intermediate-ca and root-ca into the file, so the file contains: servercertificate, intermediate-ca certificate, root-ca certificate (in that order). I also merged my intermediate-ca- and root-ca-certificates into one file (intermediate first, root second). So I have three files:

  • my servercertificate (containing also intermediate-ca-cert and root-ca-cert)
  • my server-key
  • my ca-certificates (containing intermediate-ca-cert and root-ca-cert)

I create a directory named /etc/ssl/self/myserver/ (sudo mkdir) and I create these three files
sudo vi /etc/ssl/self/myserver/myserver.crt
copy & paste my servercertificate
sudo vi /etc/ssl/self/myserver/myserver.key
copy & paste my server-key
sudo vi /etc/ssl/self/myserver/root.crt
copy & paste the intermediate-/root-ca-cert

After that, I log on as bitwarden

su bitwarden
cd ~

And I edit the bwdata-config-file
vi ./bwdata/config.yml

	ssl_certificate_path: /etc/ssl/self/myserver/myserver.crt
	ssl_key_path: /etc/ssl/self/myserver/myserver.key
	ssl_ca_path: /etc/ssl/self/myserver/root.crt

After that I recompile bitwarden and restart it

./bitwarden.sh rebuild
./bitwarden.sh start

And SSL is broken. I can access my site via http but not via https anymore.

I tried to use different paths for the certificates:

./bwdata/ssl/myserver/myserver.crt
./bwdata/ssl/myserver/myserver.key
./bwdata/ssl/myserver/root.crt

But that didn’t work either.

I tried to do as told in Certificate Options | Bitwarden Help & Support, but I can’t make it work.

  1. What are the correct places for domain-certificates?
  2. What should the cert-files look like?
  3. Which config-files have to be edited?

PS: My server-certificate looks like this (here shortened), with the servercertificate first, followed by the intermediate-ca-cert and the root-ca-cert at the bottom:

-----BEGIN CERTIFICATE-----
MIIHWzCCBkOgAwFBAgITcAAAAXi+pvlAFClpBgACAAABeDANBgkqhkiG9w0BAQsF
(...)
ZKqOm2p+OhRAh+owoN6NWWhYwsnQA+ghVad8ZWKPFKUTYgLUHN2muVxw5P7eJj72
Pqp2tEujumfSNZlG+AvU
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIPuzCCA6OgAwIBAgITHAAAAAYH9eLxQSPpTAABAAAABjANBgkqhkiG9w0BAQsF
(...)
OMLwRRMs5MG5PDYJDTMqZ+H9ObumUbBNRKR21FdGoQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFxjCCA6agAwIBAgIQGWzKrvC6PItCk6IgbXhXWTANBgkqhkiG9w0BAQsFADBf
(...)
WxThbqxrahUwn6dV4Qbuo3RyoO+24p4dMHyQTsufqTdWRw==
-----END CERTIFICATE-----
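
Added example, not part of the original post and not Bitwarden tooling: a structural check for a PEM bundle that was assembled by copy and paste, as described above. It only reports paste damage (Windows line endings, stray whitespace, text outside blocks, truncated base64) and does not validate the chain or identify why HTTPS fails; the function names are this example's own and the sample blocks are constructed placeholders, not real certificates.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_total_length(der):
    """Size (header + body) that the outer DER SEQUENCE declares for itself."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE tag (0x30)")
    if der[1] < 0x80:                       # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length header")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def lint_pem_bundle(text):
    """Return (number of certificate blocks, list of problems found)."""
    problems = ["CR characters present (Windows line endings)"] if "\r" in text else []
    body, inside, count = [], False, 0
    for no, raw in enumerate(text.replace("\r", "").split("\n"), 1):
        line = raw.strip()
        if line != raw:
            problems.append(f"line {no}: leading or trailing whitespace")
        if line == BEGIN:
            if inside:
                problems.append(f"line {no}: BEGIN inside an open block")
            inside, body = True, []
        elif line == END and inside:
            inside, count = False, count + 1
            try:
                der = base64.b64decode("".join(body), validate=True)
                if der_total_length(der) != len(der):
                    problems.append(f"certificate {count}: DER length mismatch (truncated or damaged)")
            except ValueError as exc:       # binascii.Error is a ValueError subclass
                problems.append(f"certificate {count}: {exc}")
        elif inside:
            body.append(line)
        elif line:
            problems.append(f"line {no}: text outside a certificate block")
    if inside:
        problems.append("last block has no END line")
    return count, problems

def sample_block(payload):
    """Constructed placeholder: a DER SEQUENCE wrapper around arbitrary bytes."""
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    b64 = base64.b64encode(der).decode()
    return "\n".join([BEGIN, *(b64[i:i + 64] for i in range(0, len(b64), 64)), END]) + "\n"
```

To check a real file, pass its contents to `lint_pem_bundle`, for example `lint_pem_bundle(open("myserver.crt").read())`; a clean three-certificate bundle returns `(3, [])`.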