I am currently setting up a self-hosted Bitwarden instance on a Debian 11.2 in a private network without access from the internet. Unfortunately I am facing the same issue right now and receive the “Failed to fetch” error message, when trying to connect from the Windows Bitwarden desktop application to my vault.
As I can only use a self-signed certificate (for now), which needs to comply to Apple’s security requirements for certificates, I have created a config file for the certifcate like this:
[ req ]
default_bits = 4096
default_md = sha512
prompt = no
encrypt_key = no
distinguished_name = req_distinguished_name
x509_extensions = usr_cert
[ req_distinguished_name ]
countryName = "US" # Two Digit Country Code
stateOrProvinceName = "California" # State or Province Name
organizationName = "Perpetual Technologies" # Organization Name
commonName = "Bitwarden" # Project or Domain Name (FQDN)
emailAddress = "[email protected]" # Any Email Address
[ usr_cert ]
basicConstraints = critical, CA:true, pathlen:0
nsCertType = sslCA
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
nsComment = "OpenSSL CA Certificate"
subjectAltName = @alt_names
DNS.1 = vm-bitwarden-debian.fritz.box. # Local Hostname or Public Domain Name
IP.1 = 192.168.1.100 # Local or Public IP Address
Afterwards I have created the certificate with this statement:
sudo openssl req -x509 -keyout /etc/ssl/private/bitwarden.key -out /etc/ssl/certs/bitwarden.crt -config ~/bitwarden.cnf -days 365
It is possible to import the self-signed certificate locally on any iOS device as well as the local windows browsers and trust it, so Bitwarden works on the self-hosted instance perfectly. However, unfortunately the Bitwarden Windows App comes back with the “Failed to fetch” error message even though I have added the local DNS name as subjectAltName.
Is anybody able to provide some help, how I can get all this aligned, so all clients such as iOS devices, Windows Browsers and also Windows Desktop App can connect properly to the vaults and manage them, please?
Thanks for your kind support and keep the great community up!