[Solved] [CLI] Failed to login on our server: "reason: unable to verify the first certificate"

Hi! We’re facing this issue when trying to connect to our instance of Bitwarden with the command-line tool:

$ bw login [email protected]
? Master password: [hidden]
request to https://bitwarden.mycompany.net/api/accounts/prelogin failed, reason: unable to verify the first certificate

The only “strange” thing that we are doing is that the server is using a wildcard certificate:
CN = *.mycompany.net

Any ideas? Thanks!

OK, solved it. It’s the same problem described here:

And the solution proposed by andre1808 here:

Basically, cat cert chain >> certificate.crt makes it work.

I guess that this should be documented somewhere on the https://help.bitwarden.com/article/install-on-premise document, what do you think @kspearrin ?
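
The fix in the post above puts the CA chain after the server certificate in the file the server presents. As an added example (not part of the original posts and not Bitwarden project code), this script reports whether such a file holds only the leaf or a correctly ordered chain, and appends a chain safely; the function names and file names are assumptions, and it needs the openssl CLI.

```shell
#!/bin/sh
# Added example; needs the openssl CLI. File names are assumptions.

# Split a PEM bundle ($1) into one file per certificate under directory $2.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# Print empty, leaf-only, chained or broken-order for the bundle in $1.
# "chained" means each certificate's issuer name matches the subject of the
# next one; it checks ordering, not signatures or trust.
chain_status() {
    total=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true)
    if [ "$total" -eq 0 ]; then echo empty; return 0; fi
    if [ "$total" -eq 1 ]; then echo leaf-only; return 0; fi
    tmp=$(mktemp -d) || return 2
    split_bundle "$1" "$tmp"
    status=chained
    i=1
    while [ "$i" -lt "$total" ]; do
        issuer=$(openssl x509 -in "$tmp/cert$i.pem" -noout -issuer_hash)
        parent=$(openssl x509 -in "$tmp/cert$((i + 1)).pem" -noout -subject_hash)
        [ "$issuer" = "$parent" ] || status=broken-order
        i=$((i + 1))
    done
    rm -rf "$tmp"
    echo "$status"
}

# The fix from the thread: append the CA chain ($1) to the server file ($2).
# A missing final newline would fuse the END and BEGIN markers, so add one.
append_chain() {
    if [ -n "$(tail -c 1 "$2")" ]; then echo >> "$2"; fi
    cat "$1" >> "$2"
}

# Usage: sh check_chain.sh certificate.crt
if [ "$#" -gt 0 ]; then chain_status "$1"; fi
```

A result of leaf-only on the file the server presents matches the situation in this thread, where clients that do not already hold the intermediate cannot build a path to a trusted root.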

Ran into a similar problem, except that I was fronting Bitwarden with Caddy, and fronting Caddy with a FortiGate firewall doing SSL deep inspection. Suffice to say that Caddy (using LetsEncrypt) was providing a full-chain certificate, but I forgot to add the LetsEncrypt CA’s root chain to the FortiGate. The moment I added https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem to the FortiGate, my Bitwarden CLI just started working :)