I’m struggling with that issue for 4 days now, i’m asking for someone cleverness to help me …
I’ve basically setup a bitwarden docker on a NAS which is not reachable from the Internet (local access only, that’s what I want). I can log on my Bitwarden instance Web UI on all browsers on my computer, it works like a charm. But I can’t figure out how to make the Android app working. Each time I try to connect, i have the "Trust anchor for certification path not found" error.
I’ve seeked for a long time about the certificate chain issue, self signed certificate etc… and here is how I generate my stuff (Self signed certificate with own CA) :
echo ">>>>> CA Key"
openssl genrsa -des3 -out towerrootCA.key 4096
echo ">>>>> CA Cert"
openssl req -x509 -new -nodes -key towerrootCA.key -sha256 -extensions v3_ca -config conf.file -days 365 -out towerrootCA.crt
echo ">>>>> Server Key"
openssl genrsa -out tower.key 2048
echo ">>>>> Server csr"
openssl req -new -sha256 -key tower.key -subj “/C=FR/ST=FR/O=MyNas/CN=tower” -extensions v3_req -out tower.csr
echo ">>>>> Server cert"
openssl x509 -req -in tower.csr -CA towerrootCA.crt -CAkey towerrootCA.key -CAcreateserial -out tower.crt -extensions v3_req -days 365 -sha256 -extfile conf.file
cat tower.crt towerrootCA.crt > finalcertif.crt
With conf.file :
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
C = FR
ST = FR
L = Local
O = MyNas
OU = MyNas
CN = tower
[ v3_ca ]
basicConstraints = critical, CA:TRUE, pathlen:3
keyUsage = critical, cRLSign, keyCertSign
nsCertType = sslCA, emailCA
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = u/alt_names
DNS.1 = tower
DNS.2 = tower.local
DNS.3 = tower:18443
I access my bitwarden server with https://tower:18443/bitwarden
I’ve imported my towerrootCA.crt on my computer and on my android phone. My Web Browsers trust the finalcertif.crt (both on computers and Android) but the bitwarden application keeps showing me the error. Do you have any idea ?
Thank you in advance for your help guys,