We’ve deployed Vaultwarden 2.28.1.
Vaultwarden is running as a Docker container on a newly installed VM; SSL termination happens on nginx (SSL proxy in front of Vaultwarden).
The SSL certificate is a self-signed one, generated using the following command:
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 \
  -keyout ./ssl/bitwarden.example.com/private.key \
  -out ./ssl/bitwarden.example.com/certificate.crt \
  -reqexts SAN -extensions SAN \
  -config <(cat /usr/lib/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:bitwarden.example.com\nbasicConstraints=CA:true')) \
  -subj "/C=US/ST=New York/L=New York/O=Company Name/OU=Bitwarden/CN=bitwarden.example.com"
This command also sets the SAN parameter, so this should be accepted by modern Chromium-based browsers.
I’ve integrated the certificate into my operating system (Ubuntu 22.04) trust store and also into the database of Chromium ($HOME/.pki/nssdb) as described in the Bitwarden guide (Certificate Options | Bitwarden Help & Support).
Chromium detects the connection as “secure”. Browser plugins in Chrome and Firefox are working.
Only the full desktop app is unable to connect.
The developer view in the electron app shows “ERR_CERT_AUTHORITY_INVALID”.
This looks like the certificate is not imported well, however I’m unsure where the certificate could also be installed.
Maybe you have an idea what could be the problem here?
Thanks in advance!
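
As an added example (not part of the original post): a shell function that separates the three things that can be wrong with a self-signed certificate like the one above, namely the hostname match, the validity period, and whether it chains to a given trust bundle. The function name `check_cert` and the default bundle path `/etc/ssl/certs/ca-certificates.crt` (the Debian/Ubuntu system bundle) are assumptions.

```shell
#!/bin/sh
# Added diagnostic example, not from the original post.
# Usage: check_cert CERT HOST [BUNDLE]
#   CERT   - PEM certificate served by the proxy
#   HOST   - name the client connects to
#   BUNDLE - PEM file of trusted anchors; defaults to the Debian/Ubuntu
#            system bundle (assumed path)
check_cert() {
    cert=$1
    host=$2
    bundle=${3:-/etc/ssl/certs/ca-certificates.crt}
    rc=0

    # 1. Name: does HOST match the certificate (SAN first, CN as fallback)?
    if openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
        | grep -q 'does match'; then
        echo "name:     OK   ($host matches the certificate)"
    else
        echo "name:     FAIL ($host does not match the certificate)"
        rc=1
    fi

    # 2. Validity: -checkend 0 exits non-zero if the certificate has expired.
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "validity: OK   (not expired)"
    else
        echo "validity: FAIL (expired or unreadable)"
        rc=1
    fi

    # 3. Trust: does the certificate chain to an anchor in BUNDLE?
    #    -no-CApath keeps the default hashed CA directory out of the lookup.
    if openssl verify -no-CApath -CAfile "$bundle" "$cert" >/dev/null 2>&1; then
        echo "trust:    OK   (anchored in $bundle)"
    else
        echo "trust:    FAIL (no anchor for it in $bundle)"
        rc=1
    fi

    return "$rc"
}
```

Run against the system bundle, it shows whether the import into the OS trust store took effect, independently of any browser or application certificate store.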