Hi everybody,
Did anyone already try to setup a full local selfhosted bitwarden (without any Let's Encrypt) and make it working with Android ?
I have bitwarde docker running on my Unraid, reachable on all web browser through https://tower:18443/bitwarden (including Web browsers on my phone) thanks to a self signed certificate with self CA. The only thing I can't have working is the bitwarden Android App which throw me a "Trust anchor for certification path not found" error even though i've imported the CA certificate.
Here is how I generate my stuff :
# >>>>> CA Key
openssl genrsa -des3 -out towerrootCA.key 4096
# >>>>> CA Cert
openssl req -x509 -new -nodes -key towerrootCA.key -sha256 -extensions v3_ca -config conf.file -days 365 -out towerrootCA.crt
# >>>>> Server Key
openssl genrsa -out tower.key 2048
# >>>>> Server csr
openssl req -new -sha256 -key tower.key -subj "/C=FR/ST=FR/O=MyNas/CN=tower" -extensions v3_req -out tower.csr
# >>>>> Server cert
openssl x509 -req -in tower.csr -CA towerrootCA.crt -CAkey towerrootCA.key -CAcreateserial -out tower.crt -extensions v3_req -days 365 -sha256 -extfile conf.file cat tower.crt towerrootCA.crt > finalcertif.crt
With my config.file :
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = FR
ST = FR
L = Local
O = MyNas
OU = MyNas
CN = tower
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical, CA:TRUE, pathlen:3
keyUsage = critical, cRLSign, keyCertSign
nsCertType = sslCA, emailCA
[v3_req]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = u/alt_names
[alt_names]
DNS.1 = tower
DNS.2 = tower.local
DNS.3 = tower:18443
Thank you for help, have a good day,