Using a Self Hosted setup.

Verified that the self hosted setup is operation, created user, connected the firefox browser plugin, can access the website.

However, when trying to access using the iOS application, i have configured the self hosted URL same as the web browser in the ios application. When i attempt to login it comes up with error “There is a problem connecting to the server.”.

Using safari on he same ios device i can connect to the website no problems.

Is this because I selected the option to use a self-signed certificate ?

Is there something else I should be aware of with the ios application ?

Thank you

If you are using a self signed cert you need to add the cert to the trusted store on each device you use.

I installed the self signed certificate as a “Profile” in iOS, not sure that is actually putting it in the trusted store on an iOS device. Do you have any steps I should follow to load the certificate into a trusted store?

Based on this article [https://www.thesslstore.com/blog/trust-manually-installed-root-certificates-in-ios/] it looks like there are two steps to this since 10.3

1. install the certificate as a profile
2. trust the certificate (General > About > Certificate Trust Setting)

however on ios 11 (11.4) i cant follow the steps in the article to accept it as a root ca cert, as it doesnt show in the list for step 2.

using the same certificate on a windows system i could place the certificate in the trusted root and it was fine.

Thanks for your assistance.

1. You need to email “cert” file to yourself and then open it with safari browser.

2. I am did it myself, but my bitwarden did’t start working on my ipad with iOS 11 (i am still have error: “There is a problem connecting to the server.” )

@retair

I was able to email the certificate to myself but i could never make it a trusted one for anything outside of Safari. I think you have a similar problem

I can confirm however it is totally about the certificate. I ended up buying a cheap certificate and configured bitwarden to use that certificate and the ios application started to work.

Why not use a Let’s Encrypt certificate? I think it is way easier and useful than a selfsigned certificate.

I have exactly the same problem. After installing a self-hosted instance and creating a self-signed certificate I could connect with my PC, via Web and with my laptop.

However, when I try to connect from the iOS app I get a connection error and it is definitely because of the certificate. Like @mrcpaone says, when you add the certificate on iOS it shows up under profiles. However, it doesn’t appear under General -> About -> Certificate Trust Settings, which is where you need to trust it.

Any help please?

@9VNVPDCEUA3DUYR9 - I ended up buying a wildcard certificate and it worked.

So the bad news its 100% the certificate, all the ios articles I read suggested adding the certificate however maybe something has changed in later version of ios that mean you cant trust the certificate for applications, but you can trust it in safari, but the trust in safari does not apply to applciations.

@pernodpepper - It didn’t work for me, on the install i did with lets encrypt, there was no certificates at all

It should work, it works for me. So if you do it correctly it should work for you.
Just make sure port 80 is reachable while requesting the certificate. Also make sure that you type in the correct domain name.

Hello,

Sorry for the up, but I have the same issue since I’ve changed my certificate (expired) on the selfhosted server. All was fine since months…

Since, all is working fine on Chrome/Edge and iOS 13.2.3 Safari (certificate have been added and are marked “verified” and trusted), but when I try to connect via the App, I only get a message “there is a problem connecting to the server” !

Did any one found a solution to fix it? Any indication will be highly appreciated.

Regards,

Self-Signed Certificate on IOS & MacOS

For iOS >13 and MacOS >10.15 Certificates cannot last longer than 825 days, must include extendedKeyUsage flag and TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName of a certificate are no longer trusted.

How to generate Certificate in Opnsense:
In Opnsense go to System --> Trust : Generate CA. Intermidiate CA and Self-Signed Certificate according to the IOS/MacOS Requirements.

How to Install the Root CA and the Self-Sined Certificate once the required format certificate is created.
1.Copy the CA and Certificate to Mac & iPhone
2.Go to settings -> General -> Profiles . Here is where you should now see the cert you shared with your device. Click on it and go through the Install and Verify process.
3.Go to Settings -> General -> About -> Certificate Trust Settings . Enable the Root CA you just installed as trusted, now any server cert that is signed by your local CA Authority should be trusted
4.Get the server certificate to your device and Install in the same manner you did in step 1-3 for the issuer certificate. This time you will not need to do step 4 since the issuer is the trusted root

This should get you the full chain of trust from the root which is your CA Issuer to the intermediate and ss-cert.