I have a Bitwarden instance self-hosted at home on Ubuntu and recently found out that my iOS app can no longer sync with the server. It turns out my certificate is no longer valid under iOS 13 due to the new extendedkey requirement by Apple. I was looking for a way to generate a new SSL certificate for my LAN-only access but can’t find any information on doing so. I tried reinstalling and generating the SSL certificate again, but the error when trying to access the server through the app remains, which tells me that the installation script has yet to be updated to get around this issue.
Could someone help a newbie solve this? I can provide as much information as needed.
Again, this is a simple LAN-only setup with no host names that was working fine prior to iOS 13.
Hello @chench0,
Since you have self-hosted Bitwarden, I guess you are a bit familiar with the console.
To fulfill the requirements [1] you can follow the reference [2] to generate a self-signed certificate. I personally would prefer to generate a CA [3].
I’ve not listed any steps here since I have no time right now to test them myself.
Hope this helps
PS: you will need to delete the current certificate from your iOS device (delete the Bitwarden app and its data, the only thing I can think of)
Thank you for such a clear reply! So I think I may try [3] but I assume that when done I would need to import everything into my Bitwarden host machine, in my case, ~/bwdata/ssl/self/ ?
So I followed the instructions in that article and I ended up with three files: a .cert (certificate), a .key and a .cer (CA). What do I do with the latter, if anything?
Hello @chench0,
I have a tested solution which you can execute on Linux or macOS. Instead of just creating a self-signed certificate, I decided to create a CA first and then the certificate; that way you can create and sign multiple certificates for your domain.
Secondly, I also have a configuration to create a wildcard certificate. Modify as you please (DNS.1, DNS.2 in the config file within the script).
Create Certificates
Create a file called caCertGenerator.sh
Copy the content given (see below)
Replace the variables at the beginning of the script (
Copy the *.crt and *.key (under the domain folder created by the script) and put them inside bwdata/ssl/self/<domainName>
Correct the paths in bwdata/config.yml for ssl_certificate_path and ssl_key_path.
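The caCertGenerator.sh content referred to above is not included on this page. As an added example (not the script from the post), here is one way to do the CA-then-certificate flow with the fields iOS 13 checks: a subject alternative name, an extended key usage of serverAuth, a SHA-256 signature and a validity of at most 825 days. The function names, file names, subject names and the sample address 192.168.1.10 are assumptions.

```shell
#!/bin/sh
# Added example (not the script from the post). Names, subjects and the sample
# IP are assumptions. Requires the openssl CLI.

# make_lan_cert OUT_DIR SAN [DAYS]   e.g. SAN="IP:192.168.1.10" or "DNS:bw.lan"
make_lan_cert() {
    out=$1; san=$2; days=${3:-825}      # iOS 13 rejects validity > 825 days
    mkdir -p "$out" || return 1
    cat > "$out/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $san
EOF
    # 1. Private CA: this certificate is the one installed and trusted on the phone.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$out/openssl.cnf" -extensions v3_ca -subj "/CN=Home LAN CA" \
        -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1
    # 2. Server key and certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$out/openssl.cnf" -subj "/CN=bitwarden-lan" \
        -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null || return 1
    # 3. The CA signs the CSR and adds the SAN and EKU=serverAuth extensions.
    openssl x509 -req -in "$out/server.csr" -CA "$out/ca.crt" -CAkey "$out/ca.key" \
        -CAcreateserial -sha256 -days "$days" -extfile "$out/openssl.cnf" \
        -extensions v3_server -out "$out/server.crt" 2>/dev/null || return 1
    chmod 600 "$out/ca.key" "$out/server.key"
}

# check_ios13_fields CERT: succeed only if SAN, serverAuth EKU and SHA-256 are present
check_ios13_fields() {
    txt=$(openssl x509 -in "$1" -noout -text) || return 1
    for want in "Subject Alternative Name" "TLS Web Server Authentication" \
                "Signature Algorithm: sha256"; do
        printf '%s\n' "$txt" | grep -q "$want" || { echo "missing: $want" >&2; return 1; }
    done
    # ...and notAfter must fall within the next 826 days (fails for longer-lived certs)
    ! openssl x509 -in "$1" -noout -checkend $((826 * 86400)) >/dev/null
}
```

Here server.crt and server.key are the pair that ssl_certificate_path and ssl_key_path in bwdata/config.yml should point to, while ca.crt is the file to install and mark as trusted on the iOS device. ca.key is only needed when signing further certificates and does not have to live on the Bitwarden host.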
This is amazing @Pulsar! I truly appreciate you taking the time to put this together! I will be trying this in a few minutes and can’t wait to get it working.