iOS App SSL Error

I’m using the latest iOS Bitwarden app on iOS 13.7 and am running the latest self-hosted Bitwarden on Docker. Using my own SSL certificates also works like a charm, and it works fine in Safari (iOS) too.
But in the Bitwarden app I always get an SSL error saying that the server is not trusted. Of course I have installed my certificate and even the CA on my iPhone.

Bug?

Hello @BitWarNoob,

Most probably this is caused by the new requirements of Apple for TLS certificates. Maybe this link will help you:


If not I will be happy to help you further.

I first created the CA and then the certificate. But of course it’s only self-signed. I created it with my pfSense and exported it for my Bitwarden server. The certificate seems to be fine because the Safari browser shows the site as secured and trusted https. Only the Bitwarden iOS app gets this error.

Almost; according to the requirements [1] it also depends on when your certificate was created. In the linked thread (above) there is a script with which you can create certificates that work :slight_smile:, if that is the problem.


You might have the problem that your CA is not imported on the iOS device. If so, try the following link:


An unlikely possibility is that your Server URL starts with http:// instead of https://. I forget that sometimes.


Background

Personally I have the Bitwarden app on iPadOS (13.7) and Android (6, 8 & 10). I have had no problems with the certificates until now.


References

[1] Requirements for trusted certificates in iOS 13 and macOS 10.15, https://support.apple.com/en-us/HT210176
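As an added example, not the script from the linked thread nor anything from the Bitwarden project, the following shell script builds a private root CA and a server certificate that satisfy the rules in [1] (RSA key of at least 2048 bits, SHA-256 signature, a Subject Alternative Name carrying the DNS name, ExtendedKeyUsage with serverAuth, validity of at most 825 days) and then checks the result with openssl before you import anything on the phone. The hostname `bitwarden.home.lan`, the output directory and the function names are assumptions; it needs OpenSSL 1.1.1 or newer on PATH.

```shell
#!/bin/sh
# Added example (not from the thread): build a root CA plus an iOS-13-compliant
# server certificate and verify it against the HT210176 rules with openssl.
# Assumptions: OpenSSL 1.1.1+ on PATH; hostname and paths are made up.
set -eu

# make_certs OUTDIR HOST [DAYS]
# Writes rootCA.pem/rootCA.key (the CA to import on iOS, Windows, Firefox)
# and server.crt/server.key (the pair to hand to the Bitwarden container).
make_certs() {
  outdir="$1"; host="$2"; days="${3:-825}"
  mkdir -p "$outdir"

  # Root CA: 4096-bit RSA, SHA-256, CA:TRUE. The 825-day cap of HT210176
  # applies to leaf certificates, so the CA itself may live longer.
  openssl genrsa -out "$outdir/rootCA.key" 4096 2>/dev/null
  openssl req -new -key "$outdir/rootCA.key" -subj "/CN=Home Root CA" \
    -out "$outdir/rootCA.csr" 2>/dev/null
  cat > "$outdir/rootCA.ext" <<EOF
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
EOF
  openssl x509 -req -in "$outdir/rootCA.csr" -signkey "$outdir/rootCA.key" \
    -days 3650 -sha256 -extfile "$outdir/rootCA.ext" \
    -out "$outdir/rootCA.pem" 2>/dev/null

  # Leaf: 2048-bit RSA key and a CSR. The CN is cosmetic for iOS 13; the
  # SubjectAltName below is what the client actually matches against.
  openssl genrsa -out "$outdir/server.key" 2048 2>/dev/null
  openssl req -new -key "$outdir/server.key" -subj "/CN=$host" \
    -out "$outdir/server.csr" 2>/dev/null
  cat > "$outdir/server.ext" <<EOF
basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:$host
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
EOF
  # Sign with the CA: SHA-256, at most 825 days for a compliant leaf.
  openssl x509 -req -in "$outdir/server.csr" \
    -CA "$outdir/rootCA.pem" -CAkey "$outdir/rootCA.key" -CAcreateserial \
    -days "$days" -sha256 -extfile "$outdir/server.ext" \
    -out "$outdir/server.crt" 2>/dev/null
}

# check_ios13 CAFILE CERT HOST
# Returns 0 only if CERT chains to CAFILE and meets every HT210176 rule.
check_ios13() {
  ca="$1"; crt="$2"; host="$3"
  text="$(openssl x509 -in "$crt" -noout -text)"

  # 1. The chain must validate against the CA that gets installed on the device.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || { echo "chain: FAIL"; return 1; }
  # 2. RSA key of at least 2048 bits (matches both 1.1.1 and 3.x -text output).
  bits="$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)"
  [ "${bits:-0}" -ge 2048 ] || { echo "key size: FAIL (${bits:-none})"; return 1; }
  # 3. SHA-256 signature; SHA-1 is rejected by iOS 13.
  printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' || { echo "signature: FAIL"; return 1; }
  # 4. SAN must carry the DNS name used in the Bitwarden server URL.
  printf '%s\n' "$text" | grep -q "DNS:$host" || { echo "SAN: FAIL (no DNS:$host)"; return 1; }
  # 5. Extended Key Usage must include serverAuth.
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' || { echo "EKU: FAIL"; return 1; }
  # 6. Validity at most 825 days: still valid tomorrow, but already past its
  #    end when we look 825 days ahead (checkend exits 0 if it does NOT expire).
  openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null || { echo "validity: FAIL (expiring)"; return 1; }
  if openssl x509 -in "$crt" -noout -checkend $((825 * 86400)) >/dev/null; then
    echo "validity: FAIL (longer than 825 days)"; return 1
  fi
  echo "OK: $crt passes the iOS 13 checks"
}

# Demo run into a temporary directory.
demo_dir="$(mktemp -d)"
make_certs "$demo_dir" bitwarden.home.lan
check_ios13 "$demo_dir/rootCA.pem" "$demo_dir/server.crt" bitwarden.home.lan
echo "files in $demo_dir: rootCA.pem (import on the phone), server.crt + server.key (for the server)"
```

Import `rootCA.pem` on the phone (and enable full trust for it under Settings > General > About > Certificate Trust Settings), give `server.crt` and `server.key` to the server, and keep `rootCA.key` off the server entirely; the check function is also handy for certificates produced by other tools such as pfSense, since the same six rules are what the iOS app enforces.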

I ran the script above and copied the .crt and .key files to my Bitwarden. But where do I put the CA?
While running the script it also gives me an error in line 12, “command not found” (the line with the e-mail address).

Oh, and on my Windows 10 machine I now get “NET::ERR_CERT_AUTHORITY_INVALID”. I installed the .crt as usual on W10.

Hello @BitWarNoob,
are you running the script with bash under Linux or Mac? If on Windows 10 Pro, there should be the possibility to run an Ubuntu terminal (link).

The script must run error-free for the CA to work, since otherwise it will contain invalid information (like a wrong domain).

Importing on Win10 & Firefox

For Windows 10 you should be able to import the root CA as in the following YouTube video, and for Firefox as in this YouTube video starting at 1:34. The default name of the CA you should import is rootCA in the script.

This should also resolve this issue:

Running the script

After running the script you should see the following folders:

The rootCA.pem is to be imported in Firefox and Windows.

I’m running everything on Ubuntu Server 20.04. I’ve got it working now following these steps: https://7402.org/blog/2019/new-self-signed-ssl-cert-ios-13.html

I only needed to import the .crt file on my W10 machine and also on iOS. Both are now working :slight_smile:

I see you decided against a Certificate Authority.

But I’m happy that you solved the problem.
Cheers :slight_smile:

I just came across a relatively simple solution that can solve SSL errors. Simply add a ‘DNS rewrite’ in your router or AdGuard Home (under the Filters tab) that forwards all requests from your external IP address to the local IP of the Bitwarden server (e.g. my-domain.duckdns.org → 192.168.0.100). Your new Bitwarden address should be https://externalurl.duckdns.org:port. Now that the address matches your certificate, your iPhone won’t freak out and block the server. I am running HassIO on an Odroid N2+ with DuckDNS, WireGuard VPN, AdGuard Home, and Bitwarden RS.