mirror of
https://github.com/dani-garcia/bitwarden_rs
synced 2024-11-25 11:20:04 +01:00
updating ext file to include extendedKeyUsage and lower -days below the 825 max for macOS/iOS
parent
97e7a0fa07
commit
9e74a89a87
@ -29,6 +29,7 @@ Create a text file `bitwarden.ext` with the following content, change the domain
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
basicConstraints=CA:FALSE
|
||||
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
@ -40,8 +41,9 @@ DNS.2 = www.bitwarden.local
|
||||
Create the bitwarden certificate, signed from the root CA:
|
||||
|
||||
```
|
||||
openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 3650 -sha256 -extfile bitwarden.ext
|
||||
openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile bitwarden.ext
|
||||
```
|
||||
Note: As of April 2019 iOS 13+ and macOS 15+ can not have the server certificate have an expiry > 825 and must include ExtendedKeyUsage extension https://support.apple.com/en-us/HT210176
|
||||
|
||||
Add the root certificate and the bitwarden certificate to client computers.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user