Thanks Monty, this was exactly the issue!
I finally got around to fixing this, which also fixed it so that I can now use the apps on Mobile Devices too!
Admittedly my use case is probably quite small, as our local CA is Microsoft (running on a Windows DC).
For anyone else having this issue, what I did was:
- Before generating the CSR on the BitWarden server, an amendment to the OpenSSL config file is required to allow providing a Subject Alt Name for the cert.
  - Add the following field under the heading ‘[ req_distinguished_name ]’ in the file /etc/ssl/openssl.cnf

        subjectAltName = SubjectAltName (e.g. DNS:mia.theden.home,IP:10.0.0.13)

- Generate a new CSR from the BitWarden server, using the following command:

        openssl req -new -newkey rsa:2048 -nodes -keyout mia.theden.home.key -out mia.theden.home.csr

- You will need to make the following change on your MS CA to allow the CA to provide the cert with a SAN (Subject Alternative Name)
  - Log on to the CA, and run the following cmd as admin:

        certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

  - Restart the CertSvc service on the CA for the changes to take effect
- Log on to the CA web portal: https://CA/certsrv
- Paste the CSR from the BitWarden server into the request field, and select the ‘Web Server’ template from the drop-down
- Add the following into the ‘Additional Attributes’ section:

        san:dns=mia.theden.home&ipaddress=10.0.0.13

- Submit the request, and obtain the certificate in Base 64 encoded format
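
A check to run on the returned certificate before installing it, as an added example that is not part of the original post. With this CA setting the SAN comes from the hand-typed ‘Additional Attributes’ string, so the script confirms the certificate matches the private key and carries exactly the expected names. The function names and the file name mia.theden.home.crt are assumptions, and make_sample builds a constructed self-signed stand-in for testing.

```shell
#!/bin/sh
# Added example: pre-install checks for the certificate returned by the CA.

# san_list CERT: print the cert's SAN entries one per line (DNS:..., IP:...).
san_list() {
    openssl x509 -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; print; exit }' |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/^IP Address:/IP:/'
}

# key_matches CERT KEY: succeed if the cert's public key belongs to KEY.
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# check_cert CERT KEY SAN...: succeed only if the key matches and the SAN
# set is exactly the entries listed (no missing and no extra names).
check_cert() {
    cert=$1; key=$2; shift 2
    key_matches "$cert" "$key" || { echo "key/cert mismatch" >&2; return 1; }
    expected=$(printf '%s\n' "$@" | sort)
    actual=$(san_list "$cert" | sort)
    [ "$expected" = "$actual" ] || { echo "SAN mismatch" >&2; return 1; }
}

# make_sample DIR: constructed test input, a self-signed stand-in for the
# CA-issued cert, carrying the SAN values used in the post.
make_sample() {
    cat > "$1/san.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = mia.theden.home
[ext]
subjectAltName = DNS:mia.theden.home,IP:10.0.0.13
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$1/san.cnf" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null
}

# Usage with the real files (the .crt name is assumed, the post does not give one):
#   check_cert mia.theden.home.crt mia.theden.home.key \
#       DNS:mia.theden.home IP:10.0.0.13 && echo "OK to install"
```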