sdgoij/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-01-16 20:50:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

updating ext file to include extendedKeyUsage and lower -days below the 825 max for macOS/iOS

stshontikidis
2020-01-18 11:36:03 -05:00
parent 97e7a0fa07
commit 9e74a89a87
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Private-CA-and-self-signed-certs-that-work-with-Chrome.md

@@ -29,6 +29,7 @@ Create a text file `bitwarden.ext` with the following content, change the domain
authorityKeyIdentifier=keyid,issuer authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names subjectAltName = @alt_names
[alt_names] [alt_names]
@@ -40,9 +41,10 @@ DNS.2 = www.bitwarden.local
Create the bitwarden certificate, signed from the root CA: Create the bitwarden certificate, signed from the root CA:
``` ```
openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 3650 -sha256 -extfile bitwarden.ext openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile bitwarden.ext
``` ```
Note: As of April 2019 iOS 13+ and macOS 15+ can not have the server certificate have an expiry > 825 and must include ExtendedKeyUsage extension https://support.apple.com/en-us/HT210176
Add the root certificate and the bitwarden certificate to client computers. Add the root certificate and the bitwarden certificate to client computers.