[Android] Self-signed certificate not working in latest version 2.2.7 #886

Closed
opened 2025-11-26 22:33:14 -06:00 by GiteaMirror · 7 comments

Originally created by @Joentje on GitHub (Dec 14, 2019).

I'm running the self hosted Bitwarden solution using Docker, which is working great! Created the self signed certificate during the setup of Bitwarden. Installed the certificate on my phone (Android 9) as well, and the app (v2.2.6) worked.

But after the update to version 2.2.7 it didn't work anymore. Now I'm getting the following error:

```
Exeption message: Hostname 192.168.1.20 not verified: certificate: sha1/hash DN: CN:192.168.1.20, OU=Bitwarden, O=8bit Solutions LLC, L=Jacksonville, ST=Florida, C=US subjectAltNames: [192.168.1.20]
```

Any thoughts?

@kspearrin commented on GitHub (Dec 16, 2019):

Can you create a certificate for an IP address? I thought a hostname was required.

@Joentje commented on GitHub (Dec 16, 2019):

Just repeated the steps during the installation:

```
(!) Enter the domain name for your Bitwarden instance (ex. bitwarden.example.com): 192.168.1.20
(!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n

1.32.0: Pulling from bitwarden/setup
Digest: sha256:e88f1611ff88c77a6255c49189ac3c965aaa3576fa6980ba54f2be10a96907b5
Status: Image is up to date for bitwarden/setup:1.32.0

(!) Enter your installation id (get at https://bitwarden.com/host): id
(!) Enter your installation key: key
(!) Do you have a SSL certificate to use? (y/n): n
(!) Do you want to generate a self-signed SSL certificate? (y/n): y

Generating self signed SSL certificate.
Generating a RSA private key
...........................++++
...++++
writing new private key to '/bitwarden/ssl/self/192.168.1.20/private.key'
-----
Generating key for IdentityServer.
Generating a RSA private key
...........................................................................................................................................++++
..................................................................................................++++
writing new private key to 'identity.key'
-----

!!!!!!!!!! WARNING !!!!!!!!!!
You are using an untrusted SSL certificate. This certificate will not be
trusted by Bitwarden client applications. You must add this certificate to
the trusted store on each device or else you will receive errors when trying
to connect to your installation.
```

It only asks for the domain, not the hostname. Is that correct?

@Joentje commented on GitHub (Dec 20, 2019):

So, after creating a self-signed certificate using the hostname, it now works. Of course you'll need some DNS resolving. It's weird though that it worked with an IP.

For everyone else that maybe had the same issue. Create new self-signed certs. Change the `./bwdata/config.yml` file. Update the IP address with your hostname that you used. Continue with `./bitwarden rebuild`, once finished. `./bitwarden start`.

Thanks for the tip! @kspearrin

@ghost commented on GitHub (Aug 29, 2020):

@Joentje this should really be re-opened as a bug because it's impossible for everyone to configure DNS resolution with hostnames

Makes it impossible to use Bitwarden self hosted on premise otherwise

@ghost commented on GitHub (Aug 29, 2020):

> Can you create a certificate for an IP address? I thought a hostname was required.

Self signed certificate can be generated for IP address.
Certbot Let's Encrypt require public domain name

Still this issue is a bug of IP address certificates doesn't work anymore since 2.2.7.

@bubonic commented on GitHub (Nov 1, 2020):

> > Can you create a certificate for an IP address? I thought a hostname was required.
>
> Self signed certificate can be generated for IP address.
> Certbot Let's Encrypt require public domain name
>
> Still this issue is a bug of IP address certificates doesn't work anymore since 2.2.7.

Can confirm. After fooling around with this for several minutes and receiving the error that @Joentje reported I finally got it to work when installing bitwarden version 2.2.6 from [here](https://github.com/bitwarden/mobile/releases).

I had created a self-signed cert through the ./bitwarden.sh install using my public IP address. From there I created a p12 keystore with the command:

```
openssl pkcs12 -inkey private.key -in certificate.crt -export -out bitwarden.p12
```

Copied the keystore file, bitwarden.p12, to my android device and installed it in the user credentials.

**Result:** Login successful.

Thanks @E-Bachman !

@bubonic commented on GitHub (Nov 1, 2020):

**Note** It didn't actually work on another device until I installed _certificate.crt_ by itself.
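Added example, not part of the thread or of the Bitwarden project: the error above lists 192.168.1.20 under subjectAltNames yet verification still fails, which is what happens when the address is stored as a dNSName entry, because RFC 2818 matches an IP host only against iPAddress entries. That this is the cause here is an assumption the thread does not confirm; the script builds both variants and checks them. File names are made up and OpenSSL 1.1.1 or later is assumed for `-addext` and `-ext`.

```shell
#!/bin/sh
# Added example: dNSName SAN vs iPAddress SAN for a host reached by IP.
# ADDR is the address from the thread; file names are assumptions.
ADDR=192.168.1.20

# make_cert <san-value> <basename>: self-signed cert whose only SAN is <san-value>.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$ADDR" -addext "subjectAltName=$1" \
        -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# san_of <cert>: print the SAN entry with its type ("DNS:" or "IP Address:").
san_of() {
    openssl x509 -in "$1" -noout -ext subjectAltName |
        grep -E 'DNS:|IP Address:' | sed 's/^ *//'
}

# ip_matches <cert>: succeeds only if an iPAddress SAN entry equals $ADDR.
# The CN is never consulted for IP checks, so CN=$ADDR alone does not help.
ip_matches() {
    openssl x509 -in "$1" -noout -checkip "$ADDR" | grep -q 'does match'
}

# Work in a scratch directory so no existing key or certificate is touched.
work=$(mktemp -d) && cd "$work" || exit 1

make_cert "DNS:$ADDR" dns_san   # address typed into a dNSName entry
make_cert "IP:$ADDR"  ip_san    # address in an iPAddress entry

for c in dns_san ip_san; do
    if ip_matches "$c.crt"; then verdict=accepted; else verdict=rejected; fi
    echo "$c.crt [$(san_of "$c.crt")] -> $ADDR $verdict"
done
```

Running `san_of` against the certificate.crt produced by the installer shows which entry type it carries. Clients only need that certificate file installed to trust the server; private.key does not have to leave the host.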
