mirror of
https://github.com/bitwarden/android.git
synced 2026-03-16 08:33:59 -05:00
There is a problem connecting to the server - Self-signed Cert - Android #252
Closed
opened 2025-11-07 08:32:52 -06:00 by GiteaMirror
·
22 comments
No Branch/Tag Specified
main
llm/add-resolving-sdk-updates-skill
sdlc/sdk-update
pm-33356/policy-changed-push-sync
premium-upgrade/PM-33508-billing-api-service
PM-30130-remove-archive-feature-flag
tooling/improve-review-workflow
QA-1523/sanity-test-saucelabs
release/2026.3-rc48
PM-24380/flight-recorder-redact-hostname
PM-26577-app-links-support
PM-26896-autofill-fix
release/2026.2-rc47
PM-32714/fallback-to-web-vault-host
pr-6572
PM-28834/setting-app-layout-horizonos
vvolkgang/process-release-notes-v2
release/2026.2-rc46
release/2026.1-rc45
PM-30644/added-logs-for-debug
PM-30644/quicktile-nav-not-showing-migration
minor-gradle-updates
release/2026.1-rc42
release/2026.1-rc44
release/2026.1-rc43
PM-28834/set-landscape-on-horizonos-devices
context-rules
devclarity/update-code-review-command
PM-20026/force-ltr-passwords-and-codes
release/2025.12-rc41
cmcg/testCoverage
claude-skill/creating-feature-flags
PM-29014/talkback-support-for-passwords
release/2025.12-rc40
BRE-1305/publish_test
accept-user-certs
autofill-permissions
release/2025.11-rc39
PM-22479/check-all-certificates-validate-asset-links
release/2025.10-rc38
agalles/android-latest
optimize-test-workflows
tier2-test-sharding
retro-agent
PM-27001/skip-account-selection-only-one-exists-cxp
release/2025.10-rc37
agalles/test-1118
release/2025.10-rc36
PM-20593-token-refresh
QA-1126b/adding-native-sanity-test
release/2025.9-rc35
pm-25933/sdk-update-password
release/2025.9-rc34
release/2025.8-rc33
agalles/20250821-release
debug-release-issues
pm-24249-allow-automated-prs-for-sdk-updates
release/2025.8-rc32
release/WORKFLOW-TEST-2025.8-rc28
agalles/20250807release
release/2025.07-rc25
release/hotfix-v2025.7.0-bwa
pm-23311/export-vault-policy-bypass
release/2025.07-rc24
authenticator-pm-sync-flags-issue
ps/implement-sdk-repository-example
release/hotfix-v2025.6.0-bwpm
release/2025.06-rc21
agalles/automate-android-fastlane-patch
release/2025.05-rc20
release/2025.04-rc19
languages/basque
release/2025.03-rc19
update-readme
qrcode/feature
innovation/archive/pm-19153-archive-items
qrcode/2-ui-fields
qrcode/1-page
hold-on-biometric-prompt-alternative
release-notes-process
release/2025.02-rc16
bwa-monorepo
PM-8223/new-device-verification-ux-improvements
pm-18451/exempt-from-policies
test-bwa
cs-workaround-linked-0-copy
release/2025.01-rc15
release/2025.01-rc14
release/2024.12-rc13
pm-16670/sync-leave-notice
821
PM-16695/backport-lean-more-new-device-verification
km/15084-testing
release/hotfix-v2024.11.7
release/2024.11-rc1
pm-11304/collection-add-item-button
PM-14241/disabling-logs-app-crash
poc/offline-editing
new-version-calc
pm-11649/expired-link-services
pm-6702/add-feature-flag
pm-6702/email-verification-feature
pm-9933/marketing-copy-update
pm-6702/registration-flows
update-templates
pm-6701/email-verification-selfhost-registration
v2026.2.1-bwpm
v2026.2.1-bwa
v2026.2.0-bwpm
v2026.2.0-bwa
v2026.1.1-bwa
v2026.1.1-bwpm
temp-test
v2026.1.0-bwpm
v2026.1.0-bwa
v2025.12.1-bwa
v2025.12.1-bwpm
v2025.12.0-bwa
v2025.12.0-bwpm
v2025.11.1-bwpm
v2025.11.1-bwa
v2025.11.0-bwpm
v2025.11.0-bwa
v2025.10.1-bwa
v2025.10.1-bwpm
v2025.10.0-bwa
v2025.10.0-bwpm
v2025.9.1-bwa
v2025.9.1-bwpm
v2025.9.0-bwa
v2025.9.0-bwpm
v2025.8.1-bwa
v2025.8.1-bwpm
v2025.8.0-bwa
v2025.8.0-bwpm
v2025.7.2-bwa
v2025.7.2-bwpm
v2025.7.1-bwa
v2025.7.1-bwpm
v2025.7.0-bwa
v2025.7.0-bwpm
v2025.6.1-bwpm
v2025.6.0-bwa
v2025.6.0-bwpm
v2025.1.0-bwa
v2025.5.0-bwa
v2025.5.0-bwpm
v2025.5.999
2025.4.0
v2025.4.0
untagged-4731eaadac73f3dfbbb8
v2025.3.0
v2025.2.0
untagged-815a165c5d70ffe75bc7
v2025.1.2
v2025.1.1
v2025.1.0
v2024.12.0
untagged-5a76b6392a4c8998c63a
v2024.11.7
v2024.11.6
v2024.11.5
v2024.11.4
v2024.11.3
v2024.11.2
v2024.11.1
v2024.11.0
v2024.10.2
v2024.10.1
v2024.10.0
v2024.9.0
v2024.8.1
v2024.8.0
v2024.7.3
v2024.7.2
v2024.7.1
v2024.7.0
v2024.6.1
v2024.6.0
v2024.5.1
v2024.4.1
v2024.4.2
v2024.4.0
v2024.3.3
v2024.3.1
v2024.3.0
v2024.2.1
v2024.2.0
v2024.1.1
v2024.1.0
v2023.12.0
v2023.10.0
v2023.9.2
maui-single-project-android
v2023.9.1
v2023.9.0
v2023.8.0
v2023.7.0
v2023.5.0
v2023.4.0
v2023.3.2
v2023.3.1
v2023.3.0
v2023.2.0
v2023.1.0
v2022.11.0
v2022.10.0
v2022.9.1
v2022.9.0
v2022.8.0
v2022.6.2
v2022.6.1
v2022.6.0
v2022.05.0
v2.18.0
v2.17.0
v2.16.4
v2.16.3
v2.16.2
v2.16.1
v2.15.0
v2.14.2
v2.14.1
v2.14.0
v2.13.0
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.0
v2.9.1
v2.9.0
v2.8.2
v2.8.1
v2.8.0
v2.7.2
v2.7.0
v2.6.1
v2.6.0
v2.5.6
v.2.5.5
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.1
v2.3.0
v2.2.8
v2.2.7
v2.2.6
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.0
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.22.1
v1.22.0
v1.21.0
v1.20.0
v1.19.0
v1.18.1
v1.18.0
v1.17.0
v1.16.0
v1.15.2
v1.15.1
v1.15.0
v1.14.4
v1.14.1
v1.14.0
v1.13.0
v1.12.2
v1.12.1
v1.12.0
v1.11.1
v1.11.0
v1.10.0
v1.9.0
v1.8.1
v1.8.0
v1.7.0
v1.6.5
v1.6.1
v1.6.0
v1.5.1
v1.5.0
v1.4.4
v1.4.3
v1.4.0
v1.3.0
v1.2.1
v1.2.0
v1.1.0
v1.0.0
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/android#252
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @Joshndroid on GitHub (Jul 26, 2018).
So finally got myself up and running today.
Self-hosted windows docker on windows server 2016.
Utilised the self-signed cert option during install.
Have smtp settings finally sorted.
Can connect locally from pc web browser and using the firefox extention. All is good.
Install the android app from the store, configure it up the same as the firefox extension, cannot connect to the server.
Pulled the certificate.crt from bwdata from device placed on android sd card and add to certificates for both 'VPN and apps' and 'wifi' still no connection. I have checked permissions and granted the app everything (only storage and camera listed on android oreo 8.1
I'm at a loss at what could be causing this?
I've googled and read both here and reddit and can't seem to find an answer.
I have read that you may not have an answer, can i somehow force a new cert using let's encrypt? or am i going to have to hard delete bwdata and re-install it again?
Cheers.
@kspearrin commented on GitHub (Jul 26, 2018):
There was a bug with the generated self-signed cert that was fixed in the upcoming version here: https://github.com/bitwarden/core/pull/327
You could try generating a new self-signed cert of your own, replacing what was generated in ./bwdata/ssl
@Joshndroid commented on GitHub (Jul 27, 2018):
Thank you for your reply!
So i followed your advice...
Using ubuntu machine generated a new set of certificat.crt and private.key...
i transferred them into the certificate location in bwdata/ssl/self/bitwardendoman/
The browser recognized a new certificate not yet trusted (so i know it worked).
I added the new certificate.crt to /sdcard of android device
navigated to security -> encryption&credentials -> install from storage
From there found certificate and added it twice (once for VPN & apps & another for Wifi - just in case).
The app configured with my local domain and port...... No dice. still no connection to the server
Navigate using android firefox browser app to the local domain, instant connection && no requirement to trust a new certificate (as it would appear that the device has now trusted it).
Still not sure what the heck is going on.
Any ideas for me to try literally everything else is working just fine just cant connect from the most valuable aspect of the whole thing... the android app :(
@kspearrin commented on GitHub (Jul 27, 2018):
Android app has some additional cert trust requirements. Are you able to check your website here:
https://www.digicert.com/help/
@Joshndroid commented on GitHub (Jul 27, 2018):
I am not running it as a domain or a website.. I'm Literally running it local as I can such that it's hosted as internal ip and that is it. I want to just VPN in to sync while outside the home network which I do for everything else I host
@Joshndroid commented on GitHub (Jul 28, 2018):
I have tried again remade my entire bitwarden instance with a new installation ID
Browsers & browser extensions work.
Android app does not, even when trusted.
I am only running the instance in a local IP address.
There needs to be a check box or an option to decrease the harsh certificate requirements for the android app specifically. I see others are having a similar issue that seem to be similar #209
@Joshndroid commented on GitHub (Jul 31, 2018):
Any other suggestions @kspearrin???... i know your busy as heck and im loving this program... would you consider adding something like the ability to directly import the signed cert to the windows and android program or add a checkbox to allow to reduce the high security with self signed certs.
@kspearrin commented on GitHub (Jul 31, 2018):
I am not sure. Only thing I can suggest is to purchase a trusted cert, or use let's encrypt to get a free trusted one.
@Crocmagnon commented on GitHub (Aug 1, 2018):
I don't think LE can provide you with a valid cert for an IP address 😕
@Joshndroid commented on GitHub (Aug 1, 2018):
It doesn't provide one for an internal ip address. If I can't get this working locally I might have to switch to something else 😢
@MrLuje commented on GitHub (Aug 30, 2018):
@Joshndroid I got the android app working with a manually generated certificate :
@marksarnold commented on GitHub (Sep 4, 2018):
Joshndroid - check out https://community.bitwarden.com/t/password-for-identity-pfx-in-self-hosted-mode/2114
I think that should work for you. Create your own self-signed certificate, and instead of entering a FQDN, enter your local IP. Worked for me.
@dnetguru commented on GitHub (Dec 1, 2018):
I have a working installation of bitwarden_rs with an SSL certificate from my own self-signed CA which worked perfectly with the Bitwarden Android app.
However, my android app stopped working a couple of days ago and I checked and rechecked the entire CA chain, and every certificate and verified using various tools that the correct chain is being presented to the client. I also added the entire intermediate chain to my phone's trust store with no luck!
I noticed that there was a new version released (1.20.0) around the same time things stopped working, so I tried downgrading back to 1.19.0 and everything seems to work now so I'll stick to 1.19 for the time being.
Was something changed in terms of the requirement for the SSL certificate in this new version?
@kspearrin commented on GitHub (Dec 1, 2018):
Nothing was changed directly. We did update some libraries, which may have changed something with HTTP. I am not sure.
@Clever-Data commented on GitHub (Dec 1, 2018):
Hi i can confirm the bug as well, after the recently updated android app attempting to login using a trusted self signed cert you now get "An error has occurred". you can attempt to add the trusted signing authority, or add the crt as trusted... still no difference.
This was working a when last tested a few weeks ago (maybe 2 weeks).
Thanks!
@dnetguru commented on GitHub (Dec 1, 2018):
@kspearrin Alright, I'm going to install VS+Xamarin and try to find out what's going on then.
@Clever-Data are you using
bitwarden_rsas well or the official containers?I'm wondering since the error message is very generic and might not necessarily mean the certificate validation fails.
@dnetguru commented on GitHub (Dec 1, 2018):
Okay, I spent the better half of the night debugging this and it seems like for some reason changing from
targetSdkVersion23 to 26 has introduced this issue:9593f330db (diff-7ebd9bf43152d874f4b1505aa7097044R3)We're hitting a JNI exception on AccountsApiRepository.cs#L40:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.Even though, I have checked, and the entire certificate chain is sent by the server.
I find it very unlikely that there would be a regression like that in the Android SDK, but I will investigate and post a possible fix here.
@kspearrin commented on GitHub (Dec 2, 2018):
Build 1617 was pushed to the play store beta with the fix from @dNetGuru . Can you try it and see if the problem is solved? https://play.google.com/apps/testing/com.x8bit.bitwarden
@poldueta commented on GitHub (Dec 11, 2018):
@kspearrin Faced with the same issue in Play Store version. With beta build 1621 issue resolved. Waiting for release.
@dg10a commented on GitHub (Dec 20, 2018):
Not sure if this should be a separate issue/feature request.
I'm still seeing this error when testing on the latest version in Play Store. My site is using client certificate authentication and the client certificates are installed in system certificate store.
EDIT: I am able to use the web interface and the Firefox extension.
@alexdelorenzo commented on GitHub (Jun 8, 2019):
This is still an issue with the latest version of Bitwarden on Android 9.0.
@djusHa commented on GitHub (Jul 31, 2019):
@thismachinechills:
try this:
https://community.bitwarden.com/t/self-signed-certificate-on-local-network-works-with-chrome-iphone-and-android/2676
works for me on firefox and Android App
@Sp1l commented on GitHub (May 22, 2021):
Just figured out why I got the 'Certificate Chain Validation Error' in the Android client.
OCSP stapling must be configured properly on the webserver.
My webserver jail has no outbound connectivity by default. After fixing OCSP stapling, the Android App works just fine!