Self hosted - Problem connecting server - Android #190

Closed
opened 2025-11-07 08:30:42 -06:00 by GiteaMirror · 16 comments

Originally created by @Scifire on GitHub (Jan 29, 2018).

Hey,

just installed bitwarden docker in our environment. All works fine except the Android app won't connect to our instance. Browser in Android also works fine.
In the app, when I try to login, an error message comes up instantly: `There is a problem connecting to the server.`
We use a valid trusted wildcard cert.
Server is behind a firewall with 80 & 443 open.
OS is Ubuntu 16.04 with no local iptables.
In the docker nginx log I found this entry:
`2018/01/29 15:37:06 [error] 11#11: ocsp.digicert.com could not be resolved (110: Operation timed out) while requesting certificate status, responder: ocsp.digicert.com, certificate: "/etc/ssl/vault.example.com/certificate.crt"`
Of course the domain is not example.com ;-)

Any other information needed?
Don't know what I am doing wrong...


@kspearrin commented on GitHub (Jan 29, 2018):

Can you send your domain to support@bitwarden.com so we can look?


@kspearrin commented on GitHub (Jan 29, 2018):

Your cert has trust issues. This is why it fails. See https://www.digicert.com/help/


@Scifire commented on GitHub (Jan 30, 2018):

@kspearrin thanks, I figured out how to fix this.
Could it be that something is wrong in the how-to? I've done [this](https://help.bitwarden.com/article/install-on-premise/) step by step.
I have the certificate and also the ca.crt in the folder but nginx won't use the ca.crt. I have to create a bundle.crt which includes certificate.crt and ca.crt, rename this and now it works.


@kspearrin commented on GitHub (Jan 30, 2018):

What type of cert are you using? Our installer only generates LE certs. Other than that you have to provide your own proper cert. Which configuration did you choose during set up? This determines how your nginx config file gets generated.


@Scifire commented on GitHub (Jan 30, 2018):

We use a wildcard cert from digicert. Most CAs give you a separate cert file and ca cert file. Letsencrypt also gives you a cert.csr but also a fullchain.pem which is a bundle of ca cert and cert.
So I would recommend you add this step to the help page:
Create a bundle of cert and CA cert if it's not.
`cat certificate.crt ca.crt >>bundle.crt`


@kspearrin commented on GitHub (Jan 30, 2018):

Which cert option did you choose during install? This is the logic used:

        var sslPath = LetsEncrypt ? $"/etc/letsencrypt/live/{Domain}" :
            SelfSignedSsl ? $"/etc/ssl/self/{Domain}" : $"/etc/ssl/{Domain}";
        var certFile = LetsEncrypt ? "fullchain.pem" : "certificate.crt";
        var keyFile = LetsEncrypt ? "privkey.pem" : "private.key";
        var caFile = LetsEncrypt ? "fullchain.pem" : "ca.crt";

@Scifire commented on GitHub (Jan 30, 2018):

During install I used "Use existing cert".
Problem is that nginx can't use a cert file and a different ca file (as far as I know).


@kspearrin commented on GitHub (Jan 30, 2018):

I am still a bit confused as to what needs to be changed though?


@Scifire commented on GitHub (Jan 30, 2018):

The [Install on Premise](https://help.bitwarden.com/article/install-on-premise/) instruction is not complete.
If you use a single file certificate and a single file CA certificate (certificate.crt & ca.crt) it won't work. nginx can handle this only in a bundle.
So I need to create this bundle manually as I wrote above, or you add some magic in docker which does this for me.


@kspearrin commented on GitHub (Jan 30, 2018):

So after you create the bundle.crt what do you do with it? The nginx config is not looking for a file called bundle.crt.


@Scifire commented on GitHub (Jan 30, 2018):

Rename it to certificate.crt so that nginx uses it ;-)


@kspearrin commented on GitHub (Jan 30, 2018):

Sorry, I am not an expert on SSL certs, so to be clear:

  1. You received a `certificate.crt` and `ca.crt` from your SSL provider.
  2. You run `cat certificate.crt ca.crt >>bundle.crt` and create a new `bundle.crt`.
  3. In bitwarden's ssl folder for your domain you replace the original `certificate.crt` with `bundle.crt` (renamed to `certificate.crt` so it can still be read)?

@kspearrin commented on GitHub (Jan 30, 2018):

In the end you have the following files in the SSL folder:

  - `certificate.crt` (`bundle.crt` renamed)
  - `private.key`
  - `ca.crt`

@Scifire commented on GitHub (Jan 30, 2018):

Exactly :)
A little hint about this would be nice in the help page, and I think it is the easiest thing for you.


@kspearrin commented on GitHub (Jan 30, 2018):

Updated here: https://help.bitwarden.com/article/install-on-premise/#install-bitwarden

> certificate.crt (required). If not done so already, you may need to bundle your primary certificate with any intermediate certificates provided by the CA or else you will receive SSL trust errors. ex. cat domain.crt ca.crt >> certificate.crt. See here for more information.


@Scifire commented on GitHub (Jan 31, 2018):

Nice, I think that will help future installations.
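
Added example, not part of the thread or of Bitwarden's code: a shell check for the bundling step discussed above. It builds `certificate.crt` leaf-first, then confirms that the first certificate was issued by the second and matches `private.key`. The function names are hypothetical and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example, not Bitwarden code. File names follow the thread;
# the function names are hypothetical.

# nth_cert FILE N: print the Nth PEM certificate in FILE.
nth_cert() {
    awk -v n="$2" '/-----BEGIN CERTIFICATE-----/ { i++ }
                   i == n { print }
                   /-----END CERTIFICATE-----/ && i == n { exit }' "$1"
}

# dn FIELD: print the subject or issuer DN of the certificate on stdin.
dn() {
    openssl x509 -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# pub_hash: SHA-256 of the DER form of the PEM public key on stdin.
pub_hash() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256
}

# make_bundle LEAF CA OUT: leaf first, then the CA/intermediate file.
# Writes via a temp file and replaces OUT, so OUT may be LEAF itself and a
# re-run does not stack duplicates the way '>>' does. The echo guards
# against a LEAF file that lacks a trailing newline.
make_bundle() {
    tmp="$3.tmp.$$"
    { cat "$1"; echo; cat "$2"; } | sed '/^[[:space:]]*$/d' > "$tmp" &&
        mv "$tmp" "$3"
}

# check_bundle CERT KEY: return 0 if CERT is usable as the served chain,
# 1 if it holds no intermediate, 2 if the first certificate was not issued
# by the second, 3 if the first certificate does not match KEY.
check_bundle() {
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    [ "${n:-0}" -ge 2 ] || { echo "no intermediate in $1" >&2; return 1; }
    [ "$(nth_cert "$1" 1 | dn issuer)" = "$(nth_cert "$1" 2 | dn subject)" ] ||
        { echo "first cert not issued by second" >&2; return 2; }
    cert_pub=$(nth_cert "$1" 1 | openssl x509 -noout -pubkey | pub_hash)
    key_pub=$(openssl pkey -in "$2" -pubout | pub_hash)
    [ "$cert_pub" = "$key_pub" ] || { echo "key mismatch" >&2; return 3; }
}
```

Typical use in the SSL folder: `make_bundle domain.crt ca.crt certificate.crt && check_bundle certificate.crt private.key`.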

Reference: github-starred/android#190