Password for identity.pfx in self-hosted mode

Hello,
the installer creates a certificate file identity.pfx when I chose to not create my own certificate or use a LetsEncrypt certificate.
However, when I try to install this certificate on my phone, I am asked for a password.
What is the password?
Thank you in advance!

identity.pfx is not meant to be installed on any other device. It is for the server to use only.

Ok, maybe I should have asked differently then:
Which certificate do I need to install on the mobile in order for it to connect to my self-hosted host?
Where do I get the certificate from? Extract it from identity.pfx?
Thank you!

You should use Let’s Encrypt or buy an official certificate, for example a Geotrust RapidSSL for the bitwarden.domain.com FQDN. As this is used to store passwords, it’s really important to have a good certificate to ensure SSL-traffic is used.

But you could of course create a self-signed certificate using openssl and then manually install the certificate on your Bitwarden installation as defined in the installation guide, and on your mobile device (can be very tricky to use on iPhones as Apple don’t want to support self-signed certificates).

So I did manage to install the certificate.crt that was created by bitwarden during the installation on my mobile phone. However, the app still does not connect.
I think I am having an issue similar to https://github.com/bitwarden/mobile/issues/346

My scenario: I am hosting bitwarden on my laptop. The laptop has no official IP, just a local 192.168.xx.yy IP that is assigned by my wireless router. So in the bitwarden mobile app, I set that IP address as Server URL. Usually, part of establishing an https connection is the client authenticating the hostname against the certificate. In my case I don't even have a hostname, just an IP…
And to make things worse, I am sometimes connected via LAN cable, and sometimes via Wifi, so the IP of the laptop changes.

Any idea how to still be able to use my laptop as server for my app by just connecting to a local IP rather than some server name that gets DNS resolved? My iphone can connect to my laptop via browser, but only after giving me grief about the insecure connection, which is why the mobile app rejects the connection.

I managed to get this working by creating a self-signed certificate with the local IP as FQDN (IP instead of an actual domain name).
Now as far as the changing IPs for the laptop are concerned, I keep switching back and forth between 2 different ones. So I guess I will just create a second crt/key set for the other IP and load that one on the iPhone as well.

Then I will need to copy the correct set into bitwarden’s bwdata/ssl/self/host/ directory and restart bitwarden each time the laptop changes the IP.

Not the most elegant solution, but it works, I guess…
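
Added example, not part of the original posts and not Bitwarden's own tooling: a single self-signed certificate can carry several IP subjectAltName entries, so one crt/key pair stays valid for both laptop addresses. The sample IPs, the CN and the `private.key` file name are constructed for illustration.

```shell
#!/bin/sh
# Added example: one self-signed certificate valid for several LAN IPs.
# Sample IPs, CN and output file names are assumptions, not from the thread.
set -eu

# make_ip_cert OUTDIR IP [IP...]
# Writes OUTDIR/certificate.crt and OUTDIR/private.key, one IP SAN per address.
make_ip_cert() {
    outdir=$1; shift
    mkdir -p "$outdir"
    cnf="$outdir/san.cnf"
    {
        printf '%s\n' '[req]' 'distinguished_name = dn' \
            'x509_extensions = v3' 'prompt = no'
        printf '%s\n' '[dn]' 'CN = bitwarden-selfhost'
        printf '%s\n' '[v3]' 'basicConstraints = CA:TRUE' \
            'extendedKeyUsage = serverAuth' 'subjectAltName = @alt'
        printf '%s\n' '[alt]'
        i=1
        for ip in "$@"; do
            # Clients match the address they connect to against these entries.
            printf 'IP.%d = %s\n' "$i" "$ip"
            i=$((i + 1))
        done
    } > "$cnf"
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -config "$cnf" -keyout "$outdir/private.key" \
        -out "$outdir/certificate.crt" 2>/dev/null
    chmod 600 "$outdir/private.key"
}

# cert_covers_ip CERT IP
# Succeeds only if the certificate's SAN list matches IP.
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'
}

# Usage (constructed addresses):
#   make_ip_cert ./out 192.168.1.10 192.168.1.11
#   cert_covers_ip ./out/certificate.crt 192.168.1.11 && echo covered
```

Checking each address with `cert_covers_ip` before copying the files into place catches a missing SAN entry before the phone does.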

You really ought to get yourself some old computer to run as server for this, all you need is like an old Intel Core2Duo CPU and 4GB of RAM, you can get that almost for free nowadays. :slight_smile:

Even an Intel Atom-system would work as long as you have at minimum 2GB ram to make sure the Microsoft SQL-database has enough to start.