[GH-ISSUE #814] Update wiki Private CA/Self Signed certs #565

New issue

Closed

opened 2026-03-03 01:30:36 +03:00 by kerem · 4 comments

kerem commented 2026-03-03 01:30:36 +03:00

Owner

Copy link

Originally created by @stshontikidis on GitHub (Jan 16, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/814

Subject of the issue

Wiki entry on working with private CA issuers and self signed certs has some example commands that are no longer valid for iOS 13 and macOS 10.15. https://support.apple.com/en-us/HT210176
Wiki should reflect that valid server certificate can not have expiry > 825 and ExtendedKeyUsage = Server Authentication

I did a little writeup here
https://www.reddit.com/r/Bitwarden/comments/ep9qyz/self_signed_certs_iosmacos_issue_solved/

Your environment

• Bitwarden_rs version: 2.12.1

• Install method: Docker Image
• Clients used: iOS app, macOS app, chrome
• Reverse proxy and version: nginx/1.10.3
• Other relevant information: iOS 13.3

Steps to reproduce

Followed steps in wiki https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome and then add certs to iOS >= 13.0.

Expected behaviour

SSL handshake should be successful

Actual behaviour

iOS app has generic server connection error

Relevant logs

nginx
2020/01/15 16:12:31 [info] 13834#13834: *44031 peer closed connection in SSL handshake while SSL handshaking, client: 192.168.1.42, server: 0.0.0.0:443
2020/01/15 16:13:25 [info] 13834#13834: *44032 peer closed connection in SSL handshake while SSL handshaking, client: 192.168.1.42, server: 0.0.0.0:443

Originally created by @stshontikidis on GitHub (Jan 16, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/814 ### Subject of the issue Wiki entry on working with private CA issuers and self signed certs has some example commands that are no longer valid for iOS 13 and macOS 10.15. https://support.apple.com/en-us/HT210176 Wiki should reflect that valid server certificate can not have expiry > 825 and ExtendedKeyUsage = Server Authentication I did a little writeup here https://www.reddit.com/r/Bitwarden/comments/ep9qyz/self_signed_certs_iosmacos_issue_solved/ ### Your environment <!-- The version number, obtained from the logs or the admin page --> * Bitwarden_rs version: 2.12.1 <!-- How the server was installed: Docker image / package / built from source --> * Install method: Docker Image * Clients used: iOS app, macOS app, chrome * Reverse proxy and version: nginx/1.10.3 * Other relevant information: iOS 13.3 ### Steps to reproduce Followed steps in wiki https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome and then add certs to iOS >= 13.0. ### Expected behaviour SSL handshake should be successful ### Actual behaviour iOS app has generic server connection error ### Relevant logs nginx 2020/01/15 16:12:31 [info] 13834#13834: *44031 peer closed connection in SSL handshake while SSL handshaking, client: 192.168.1.42, server: 0.0.0.0:443 2020/01/15 16:13:25 [info] 13834#13834: *44032 peer closed connection in SSL handshake while SSL handshaking, client: 192.168.1.42, server: 0.0.0.0:443

kerem closed this issue 2026-03-03 01:30:36 +03:00

kerem commented 2026-03-03 01:30:37 +03:00

Author

Owner

Copy link

@stshontikidis commented on GitHub (Jan 16, 2020):

I am willing to update the wiki but I am not involved in the project and did not just want to edit unannounced.

<!-- gh-comment-id:574945052 --> @stshontikidis commented on GitHub (Jan 16, 2020): I am willing to update the wiki but I am not involved in the project and did not just want to edit unannounced.

kerem commented 2026-03-03 01:30:37 +03:00

Author

Owner

Copy link

@dani-garcia commented on GitHub (Jan 18, 2020):

Yeah of course, I'd appreciate if you could update the wiki to include the info you mention, thanks!

<!-- gh-comment-id:575842335 --> @dani-garcia commented on GitHub (Jan 18, 2020): Yeah of course, I'd appreciate if you could update the wiki to include the info you mention, thanks!

kerem commented 2026-03-03 01:30:37 +03:00

Author

Owner

Copy link

@stshontikidis commented on GitHub (Jan 18, 2020):

Made the small update to ext file and server cert command, along with note to source of apple requirements. Take a look and I think we can close this thread.

<!-- gh-comment-id:575915864 --> @stshontikidis commented on GitHub (Jan 18, 2020): Made the small update to ext file and server cert command, along with note to source of apple requirements. Take a look and I think we can close this thread.

kerem commented 2026-03-03 01:30:37 +03:00

Author

Owner

Copy link

@dani-garcia commented on GitHub (Jan 18, 2020):

Looks good to me, thanks!

<!-- gh-comment-id:575937518 --> @dani-garcia commented on GitHub (Jan 18, 2020): Looks good to me, thanks!

kerem referenced this issue 2026-03-03 08:52:59 +03:00

[PR #644] [MERGED] Fixed issue #565 #2767

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#565

No description provided.