Self-Signed Certificate

I don’t know where to post this, but I am ultimately defeated. I am self-hosting a Bitwarden Vault, and it works great except on the iPhone app. I found I needed to fix the certificate, but no matter what I did, I was completely locked down because I couldn’t run the SAN command. I have already been reading and trying everything from Bitwarden’s walkthrough for it, and I still can’t get it going. Does anyone else have a good resource for getting it done? I feel like I have tried every single way under the sun, yet I still can’t make a cert. I really don’t want to reinstall Bitwarden just for it to create its own self-signed certificate. The main problem with Bitwarden making one is that it sets the expiration date for the certificate to 118 years, and I can’t have that. I need it to be 365 days. If anyone has anything, I will try what I have not done thus far.

Thanks

I would recommend using a reverse proxy in order to get a valid certificate. I don’t have an iPhone to confirm this, but I think the iPhone app will not let you use a self-signed cert.

Thanks for the quick response.

For my issue, as of this moment, all I need to do is put the alternate naming on the certificate, and this would mostly solve my problem. On the iPhone, all I have to do is add it to the trusted certificates, which I have done for other things before, and it works. My main issue is that the iPhone will not allow anything more than one year for a certificate. This started this whole thing because my original certificate that was auto-generated during the Bitwarden install was valid for 118 years.

For the reverse proxy, I did try that a few weeks ago and followed the video you have. I must be missing something because it requires me to have an FQDN, and I am having a few other issues that I don’t remember off the top of my head.

My main goal for this was to use a VPN to connect back to my network and use Bitwarden. Since it’s just me right now using it, I am not worried about anyone else using it. It works great on everything, even my iPhone, as long as I use a browser on the iPhone. I cannot use the app, which I hoped I could do.

There are a lot of things that won’t let you use a self-signed cert; I run into this a lot. Either set up a CA and copy the certs to the devices, or set it up to get a “real” cert from a trusted supplier, and everything will work better.

Thanks for the response,

I have copied the cert to the devices. The issue is creating the new cert. It will not write the SAN to it correctly, causing it not to work. That is where I am stuck at the moment. Once I can figure it out, I can load the new cert onto my devices and be back up and running again.

Do you have a recommendation for a good place to create the cert other than using OpenSSL in Windows? Maybe I should do it on Linux? Although I have also attempted this on WSL with Ubuntu 24.02, I still have an issue with SAN.
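As an added example (not from anyone in this thread, and not Bitwarden’s own tooling), here is a POSIX shell script that does what the posts above are trying to do: generate a self-signed certificate with a Subject Alternative Name, valid for 365 days, with the properties Apple requires for TLS server certificates (a SAN, an RSA key of at least 2048 bits, a SHA-2 signature, and the serverAuth extended key usage). The SAN is written through an OpenSSL config file rather than `-addext`/`-subj` on the command line, which sidesteps the quoting differences between Windows, WSL and Linux shells that commonly cause the SAN to be silently dropped. The hostname `vault.home.lan` and LAN address `192.168.1.50` are placeholders; the script also includes checks so you can confirm the SAN and validity period actually ended up in the certificate before loading it onto the phone.

```shell
#!/bin/sh
# Added example: self-signed TLS server cert with SAN for a self-hosted vault.
# Hostname and IP below are assumed placeholders; replace with your own.
set -eu

# Write an OpenSSL request config whose x509_extensions section carries the
# SAN. Putting the SAN in a file avoids the per-shell quoting problems with
# -addext / -subj that often leave the extension out of the certificate.
write_san_config() {
    # $1 = config path, $2 = common name,
    # $3 = comma-separated SAN list, e.g. "DNS:vault.home.lan,IP:192.168.1.50"
    cat > "$1" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_server
prompt             = no

[ dn ]
CN = $2

[ v3_server ]
subjectAltName   = $3
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
}

# Generate a 2048-bit RSA key and a SHA-256 self-signed certificate valid
# for $4 days, taking the SAN and key-usage extensions from the config above.
make_san_cert() {
    # $1 = output dir, $2 = CN/hostname, $3 = SAN list, $4 = validity in days
    write_san_config "$1/san.cnf" "$2" "$3"
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
        -days "$4" \
        -config "$1/san.cnf" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Return 0 if the certificate really carries the given SAN entry, written the
# way openssl prints it ("DNS:host" or "IP Address:1.2.3.4").
cert_has_san() {
    # $1 = cert path, $2 = SAN entry text
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | grep -q "$2"
}

# Return 0 if the certificate will still be valid $2 days from now.
# Checking 364 (valid) and 366 (expired) brackets a 365-day certificate.
cert_valid_after_days() {
    # $1 = cert path, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Usage: sh make_san_cert.sh <outdir> <hostname> <lan-ip>
if [ $# -eq 3 ]; then
    mkdir -p "$1"
    make_san_cert "$1" "$2" "DNS:$2,IP:$3" 365
    cert_has_san "$1/server.crt" "DNS:$2" || { echo "SAN missing from $1/server.crt" >&2; exit 1; }
    echo "Wrote $1/server.key and $1/server.crt (SAN: DNS:$2, IP:$3, 365 days)"
fi
```

Run it as `sh make_san_cert.sh ./bw-cert vault.home.lan 192.168.1.50`, install `server.crt` on the phone as a trusted root, and point the vault at the key and certificate. The `cert_has_san` check is the one worth running first whenever a freshly generated certificate is rejected: if it fails, the SAN never made it into the file, regardless of what the command line looked like.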

I’d recommend using Linux because I think it is easier. But some may not think so.

If you had Windows Server running, then you might be able to add the certificate authority role/feature and that may be somewhat easy.

With a reverse proxy, you can get a Let’s Encrypt certificate using the ACME DNS-01 challenge. You will need to use a valid FQDN with a domain registered with a supported DNS provider, but it doesn’t need an external A record or for the proxy to be accessible from the Web.

Traefik will work for this or you could look at Zoraxy which has a GUI and supports the DNS ACME challenge.