On-Prem Bitwarden Cert Issue
I’m looking for some help from someone who is fairly experienced in the field of Certificates.
Certs have always been a bit of a weak spot for me personally, so please bear with me.
I’ll try and get straight to the point, in with the nitty gritty.
- I have a local Bitwarden instance on our LAN (Ubuntu docker container), completely isolated (no WAN access).
- Our local Certificate Authority is Windows based, running on IIS.
- Our CA’s FQDN is Thunder.TheDen.home
- Our Bitwarden’s hostname is ‘Mia’ (it’s not on the domain)
- I’ve created DNS entries for Mia.TheDen.home to point towards the Ubuntu host’s static IP.
- I then created a CSR from the Bitwarden Ubuntu host with the Common Name as Mia.TheDen.home
- I uploaded and got this CSR signed by the CA. I then also downloaded the CA’s certificate, and merged the CA’s cert with the Mia.TheDen.home certificate (as advised in the Bitwarden setup notes), and applied this ‘bundled’ cert to the Bitwarden instance.
- I have the CA’s certificate installed on our Windows machines
- Now, when we browse to https://mia.theden.home Bitwarden works great, no cert errors. I can use any browser (Edge, IE and Firefox), and it works fine. Even the Firefox browser plugin for Bitwarden works great without any issues.
However, when we attempt to use the locally installed Windows Bitwarden application, the following error is received when trying to log in (obtained from the Dev Options toggle within the app):
POST https://mia.theden.home/api/accounts/prelogin net::ERR_CERT_COMMON_NAME_INVALID
It might be worth mentioning, in case it’s related: although our CA’s FQDN is Thunder.TheDen.home, on the CA’s certificate the Common Name is: heDen-THUNDER-CA-1
Oh, and it looked like the Bitwarden app is Java based. I also tried manually adding the CA’s certificate into the Java control panel – still no dice.
I’ve spent quite a few hours trying to figure this out, so any help or points to try would be greatly appreciated. Certificates are not my strong suit.
(this is the first step in the hurdle to solve before I then move onto getting the Android app to work with the instance)
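
One check worth making for an error like this, as an added example that is not part of the original post: `net::ERR_CERT_COMMON_NAME_INVALID` is a Chromium network-stack error, and Chromium-based clients match the hostname only against the certificate's subjectAltName entries, ignoring the Common Name. The sketch below tests a certificate or CSR for a matching SAN entry and shows a CSR that requests one; the function names and the throwaway self-signed certificates are constructed for illustration, and it assumes OpenSSL 1.1.1 or later on the Ubuntu host.

```shell
#!/bin/sh
# Added example, not from the original post. Certificates made here are
# constructed, self-signed test material; HOST is the hostname from the post.
HOST="mia.theden.home"

# make_test_cert <out.pem> [san]: stand-in for an issued cert with CN=$HOST.
# The subjectAltName extension is added only when a value is passed.
make_test_cert() {
    if [ -n "${2:-}" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$HOST" \
            -addext "subjectAltName=$2" -keyout "$1.key" -out "$1" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$HOST" \
            -keyout "$1.key" -out "$1" 2>/dev/null
    fi
}

# make_csr <key.pem> <csr.pem>: CSR that asks for the hostname as a SAN too.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
        -addext "subjectAltName=DNS:$HOST" -keyout "$1" -out "$2" 2>/dev/null
}

# san_lists_host <host>: reads openssl text on stdin; succeeds only if a
# DNS SAN entry equals <host> (case-insensitive, wildcards not handled).
san_lists_host() {
    want="dns:$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
    tr ',' '\n' | tr -d ' \t' | tr '[:upper:]' '[:lower:]' | grep -Fqx "$want"
}

# cert_has_san <cert.pem> <host> / csr_has_san <csr.pem> <host>
cert_has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null | san_lists_host "$2"
}
csr_has_san() {
    openssl req -in "$1" -noout -text 2>/dev/null | san_lists_host "$2"
}

# Demo: a CN-only certificate next to one that also carries the SAN.
tmp=$(mktemp -d)
make_test_cert "$tmp/cn-only.pem"
make_test_cert "$tmp/with-san.pem" "DNS:$HOST"
for c in cn-only with-san; do
    if cert_has_san "$tmp/$c.pem" "$HOST"; then echo "$c: SAN lists $HOST"
    else echo "$c: no SAN entry for $HOST"; fi
done
rm -rf "$tmp"
```

A CA decides which requested extensions it copies into the issued certificate, so run `cert_has_san` against the certificate that comes back, not only against the CSR.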