[GH-ISSUE #568] How to generate the PEM files for HTTPS connection? #370

New issue

Closed

opened 2026-03-03 01:28:28 +03:00 by kerem · 2 comments

kerem commented

2026-03-03 01:28:28 +03:00

Owner

Originally created by @muibusan on GitHub (Aug 11, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/568

I installed bitwarden_rs on my local network's rPi - without a Fully Qualified Domain (FQDN) - so I use my local IP address (192.168.2.2). The server is not exposed to the internet. Works like a charm. Now I like to generate self-signed certificates (local CA, no LetsEncrypt) to establish a HTTPS connection to the Bitwarden Vault, but I don't understand the wiki on that issue. Can someone help me? Sry, I'm a SSL noob.

To cut it short: How can I get hold of those two PEM files mentioned in the command line
-e ROCKET_TLS='{certs="/ssl/certs.pem",key="/ssl/key.pem"}'

I had a look here, too, but not a bit of the PEM files there either. What are the commands to get them?

Thanks a lot in advance!

Originally created by @muibusan on GitHub (Aug 11, 2019). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/568 I installed bitwarden_rs on my local network's rPi - without a Fully Qualified Domain (FQDN) - so I use my local IP address (192.168.2.2). The server is not exposed to the internet. Works like a charm. Now I like to generate self-signed certificates (local CA, no LetsEncrypt) to establish a HTTPS connection to the Bitwarden Vault, but I don't understand the wiki on that issue. Can someone help me? Sry, I'm a SSL noob. To cut it short: How can I get hold of those two PEM files mentioned in the command line `-e ROCKET_TLS='{certs="/ssl/certs.pem",key="/ssl/key.pem"}'` I had a look [here](https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome), too, but not a bit of the PEM files there either. What are the commands to get them? Thanks a lot in advance!

kerem closed this issue

2026-03-03 01:28:28 +03:00

kerem commented

2026-03-03 01:28:29 +03:00

Author

Owner

@AndrewMoscoe commented on GitHub (Aug 15, 2019):

Your .key files are probably PEM files with a different extension. Rename them and try.

https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files

@AndrewMoscoe commented on GitHub (Aug 15, 2019): Your .key files are probably PEM files with a different extension. Rename them and try. https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files

kerem commented

2026-03-03 01:28:29 +03:00

Author

Owner

@muibusan commented on GitHub (Aug 15, 2019):

Thank you a lot ... your hint made it clear to me and now it works. 👍

Just for others in case: There is no must for the files in the ROCKET_TLS line to be named pem. Important is the underlying file format which needs to be PEM, i.e. base64-coded. Since the PEM format is openssl's default you can also put .cert, .cer, .crt and .key files in the ROCKET_TLS line (i.e. with their own file extension, not pem) or - as an alternative - rename these files to .pem. Both ways work.

@muibusan commented on GitHub (Aug 15, 2019): Thank you a lot ... your hint made it clear to me and now it works. 👍 Just for others in case: There is no must for the files in the ROCKET_TLS line to be named pem. Important is the underlying file format which needs to be PEM, i.e. base64-coded. Since the PEM format is openssl's default you can also put .cert, .cer, .crt and .key files in the ROCKET_TLS line (i.e. with their own file extension, not pem) or - as an alternative - rename these files to .pem. Both ways work.

kerem referenced this issue

2026-03-03 08:36:38 +03:00

[PR #370] [MERGED] Added better favicon downloader. #2715