mirror of
https://github.com/dani-garcia/bitwarden_rs
synced 2024-11-25 11:20:04 +01:00
Updated Private CA and self signed certs that work with Chrome (markdown)
parent
7c426448f0
commit
ab52b8d037
@ -14,15 +14,13 @@ Create a CA key (your own little on-premise Certificate Authority):
|
||||
```
|
||||
openssl genpkey -algorithm RSA -aes128 -out private-ca.key -outform PEM -pkeyopt rsa_keygen_bits:2048
|
||||
```
|
||||
|
||||
Note: instead of `-aes128` you could also use the older `-des3`.
|
||||
> Instead of `-aes128` you could also use the older `-des3`.
|
||||
|
||||
Create a CA certificate:
|
||||
```
|
||||
openssl req -x509 -new -nodes -sha256 -days 3650 -key private-ca.key -out self-signed-ca-cert.crt
|
||||
```
|
||||
|
||||
Note: the `-nodes` argument prevents setting a pass-phrase for the private key (key pair) in a test/safe environment, otherwise you'll have to input the pass-phrase every time you start/restart the server.
|
||||
> The `-nodes` argument prevents setting a pass-phrase for the private key (key pair) in a test/safe environment, otherwise you'll have to input the pass-phrase every time you start/restart the server.
|
||||
|
||||
Create a bitwarden key:
|
||||
```
|
||||
@ -55,9 +53,9 @@ Create the bitwarden certificate, signed from the root CA:
|
||||
```
|
||||
openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile bitwarden.ext
|
||||
```
|
||||
Note: As of April 2019 iOS 13+ and macOS 15+, the server certificate can not have an expiry > 825 and must include ExtendedKeyUsage extension https://support.apple.com/en-us/HT210176
|
||||
> Note: As of April 2019 iOS 13+ and macOS 15+, the server certificate can not have an expiry > 825 and must include ExtendedKeyUsage extension https://support.apple.com/en-us/HT210176
|
||||
|
||||
Note: As of Android 11, the `basicConstraints` value must be set to `CA:TRUE` in order to be importable via the Settings app.
|
||||
> Note: As of Android 11, the `basicConstraints` value must be set to `CA:TRUE` in order to be importable via the Settings app.
|
||||
|
||||
Add the root certificate and the bitwarden certificate to client computers.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user