Bitwarden and iOS 12.4.8 issue!

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
stephane77
Posts: 33
Joined: Sun Nov 22, 2020 2:29 am

Re: Bitwarden and iOS 12.4.8 issue!

Post by stephane77 »

Joulinar wrote: Thu Dec 24, 2020 10:02 pm Marry Xmas @stephane77

You used the wrong source file to create the .crt file. You need to use cert.pem

Or you follow the our online docs. There is a detailed description how to download/add self signed certificate on Windows 10
https://dietpi.com/docs/software/cloud/#bitwarden_rs

PS: for iOS we are still trying to figure out best way :)
https://github.com/MichaIng/DietPi/issu ... -750883187
Happy holidays Joulinar! I'll try that and keep you posted! If I find a solution for iOS, I'll let you know. The only thing I know if it's iOS 13 and more Apple made a change on certificates with what I read so I guess it will be complicated but I love challenges! And Btw, same thing for MacOS...

Regards,
Stephane
User avatar
Joulinar
Posts: 4536
Joined: Sat Nov 16, 2019 12:49 am

Re: Bitwarden and iOS 12.4.8 issue!

Post by Joulinar »

just follow our GitHub discussion. In meantime I discovered a way for iOS 14.3. It require a manual recreation of certificates with some new options to get iOS into a state to accept the self singed certificate. (Something not yet implemented into DietPi release.)

As well I would like to invite you to assist on adjusting our online docs as we missing MacOS for instance
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
stephane77
Posts: 33
Joined: Sun Nov 22, 2020 2:29 am

Re: Bitwarden and iOS 12.4.8 issue!

Post by stephane77 »

Thanks Joulinar!

It works in Windows 10 app right away! I found out why it's failling on iOS 12 and up and as well with latest Mac OS 10 updates including new OS 11! Apple apply new restrictions to self signed certificates!
https://support.apple.com/en-us/HT211025

Your certificate in Windows 10 is good until 2040 which is fine with Microsoft but Apple, guess what, doesn't like that... !!!
As per Apple recommandation the certificate should be : "We recommend that certificates be issued with a maximum validity of 397 days."

This brings another question, can you make a new update eventually where DietPi will update certificates automatically for Bitwarden and maybe any other apps that use certificates too? Or force certificates renewal on every DietPi updates? You might eventually add a MOTD when we do SSH saying that your certificated will expire shortly, we have a new one created ready at /ssl folder... Or add a section below MOTD : Certificates notice or whatever important message you want share with your users!

Regards,
Stephane
stephane77
Posts: 33
Joined: Sun Nov 22, 2020 2:29 am

Re: Bitwarden and iOS 12.4.8 issue!

Post by stephane77 »

Joulinar wrote: Thu Dec 24, 2020 10:19 pm just follow our GitHub discussion. In meantime I discovered a way for iOS 14.3. It require a manual recreation of certificates with some new options to get iOS into a state to accept the self singed certificate. (Something not yet implemented into DietPi release.)

As well I would like to invite you to assist on adjusting our online docs as we missing MacOS for instance
I don't have Mac OS yet but I plan to get one eventually. Mac OS 11 interested me a lot (very good reviews), so for time being I can't test it! With google search on my end this is how I found out this issue about both ios and mac and even if I'm below ios 13, i'm still affected according to some users on the internet.

If I do find a possible solution, even without having a mac, I'll be more than please to share the link on the internet so any users on this forum could test it!

Regards,
Stephane
User avatar
Joulinar
Posts: 4536
Joined: Sat Nov 16, 2019 12:49 am

Re: Bitwarden and iOS 12.4.8 issue!

Post by Joulinar »

I testes a self singed certificate with a running time of 20 year without issues on my test iPhone SE running iOS 14.3.

It was accepted in profiles

IMG_0002.PNG
IMG_0002.PNG (27.31 KiB) Viewed 446 times

with a run time until 2040

IMG_0003.PNG
IMG_0003.PNG (25.66 KiB) Viewed 446 times

and I could activate it within Certificate Trust Settings

IMG_0004.PNG
IMG_0004.PNG (29.96 KiB) Viewed 446 times
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
stephane77
Posts: 33
Joined: Sun Nov 22, 2020 2:29 am

Re: Bitwarden and iOS 12.4.8 issue!

Post by stephane77 »

Hi,
It failed on iOS and install on my rpi 3 was so long... I was also having issue updating Pi-Hole and after Pi-Hole updates I could not surf anymore... I reinstall DietPi from scratch. Now Pi-Hole works properly and no surfing issue. I found a way for Bitwarden to get installed very quickly! Everything works except iOS, I can go in profile and activate it but it doesn't work. I did the following :

mkdir -p /mnt/bitwarden
mkdir -p /ssl

------------------------------------------------------------------------------
openssl genrsa -out myCA.key 2048
openssl req -x509 -new -nodes -sha256 -days 3650 -key myCA.key -out myCA.crt
openssl genpkey -algorithm RSA -out bitwarden.key -outform PEM -pkeyopt rsa_keygen_bits:2048
openssl req -new -key bitwarden.key -out bitwarden.csr
------------------------------------------------------------------------------
***************************** openssl.cnf file *******************************
------------------------------------------------------------------------------
[v3_ca]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = DNS:raspberrypi, IP:127.0.0.1, IP:192.168.1.108
------------------------------------------------------------------------------
openssl x509 -req -in bitwarden.csr -CA myCA.crt -CAkey myCA.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile openssl.cnf
------------------------------------------------------------------------------
docker pull bitwardenrs/server:raspberry

docker run -d --name bitwarden \
-e ROCKET_TLS='{certs="/ssl/bitwarden.crt",key="/ssl/bitwarden.key"}' \
-v /ssl/:/ssl/ \
-v /mnt/bitwarden/:/data/ \
-v bitwarden:/config \
-p 1443:80 \
--restart always \
bitwardenrs/server:raspberry
------------------------------------------------------------------------------
I'm enabling in Profile in iOS 12 but still failling... !

Regards,
Stephane
User avatar
Joulinar
Posts: 4536
Joined: Sat Nov 16, 2019 12:49 am

Re: Bitwarden and iOS 12.4.8 issue!

Post by Joulinar »

Well you installed Bitwarden on Docker now. That's why it is fast on instalation now. DietPi was going to install it directly on your System without Docker. Quite a difference. ;)

As well your certificate is incorrectly created for iOS. You would need to set following basicConstraints=CA:TRUE,pathlen:0 https://github.com/MichaIng/DietPi/issu ... -751021278

This will do the trick on iOS. For this, a patch will be provided on next release 6.35 https://github.com/MichaIng/DietPi/comm ... 73240ed991
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply