mirror of https://github.com/dani-garcia/vaultwarden
synced 2024-09-27 21:08:55 +02:00
Updated Private CA and self signed certs that work with Chrome (markdown)
parent 7c426448f0
commit ab52b8d037
1 changed files with 4 additions and 6 deletions
|
@ -14,15 +14,13 @@ Create a CA key (your own little on-premise Certificate Authority):
|
||||||
```
|
```
|
||||||
openssl genpkey -algorithm RSA -aes128 -out private-ca.key -outform PEM -pkeyopt rsa_keygen_bits:2048
|
openssl genpkey -algorithm RSA -aes128 -out private-ca.key -outform PEM -pkeyopt rsa_keygen_bits:2048
|
||||||
```
|
```
|
||||||
|
> Instead of `-aes128` you could also use the older `-des3`.
|
||||||
Note: instead of `-aes128` you could also use the older `-des3`.
|
|
||||||
|
|
||||||
Create a CA certificate:
|
Create a CA certificate:
|
||||||
```
|
```
|
||||||
openssl req -x509 -new -nodes -sha256 -days 3650 -key private-ca.key -out self-signed-ca-cert.crt
|
openssl req -x509 -new -nodes -sha256 -days 3650 -key private-ca.key -out self-signed-ca-cert.crt
|
||||||
```
|
```
|
||||||
|
> The `-nodes` argument prevents setting a pass-phrase for the private key (key pair) in a test/safe environment, otherwise you'll have to input the pass-phrase every time you start/restart the server.
|
||||||
Note: the `-nodes` argument prevents setting a pass-phrase for the private key (key pair) in a test/safe environment, otherwise you'll have to input the pass-phrase every time you start/restart the server.
|
|
||||||
|
|
||||||
Create a bitwarden key:
|
Create a bitwarden key:
|
||||||
```
|
```
|
||||||
|
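Review bot: the `-nodes` note sits under the `openssl req -x509 ... -key private-ca.key` step, where it does not do what it says. `-nodes` only affects a private key that `req` generates itself, and this command reuses the existing `private-ca.key`, which the first command encrypts with `-aes128`. The CA key is also not the key the server loads on start, so the restart rationale belongs with the "Create a bitwarden key" step; suggest moving the note there or dropping the flag from this command. While the first note is being touched, consider removing the `-des3` suggestion rather than only restyling it, since it points readers at the older of the two ciphers.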
@ -55,9 +53,9 @@ Create the bitwarden certificate, signed from the root CA:
|
||||||
```
|
```
|
||||||
openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile bitwarden.ext
|
openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile bitwarden.ext
|
||||||
```
|
```
|
||||||
Note: As of April 2019 iOS 13+ and macOS 15+, the server certificate can not have an expiry > 825 and must include ExtendedKeyUsage extension https://support.apple.com/en-us/HT210176
|
> Note: As of April 2019 iOS 13+ and macOS 15+, the server certificate can not have an expiry > 825 and must include ExtendedKeyUsage extension https://support.apple.com/en-us/HT210176
|
||||||
|
|
||||||
Note: As of Android 11, the `basicConstraints` value must be set to `CA:TRUE` in order to be importable via the Settings app.
|
> Note: As of Android 11, the `basicConstraints` value must be set to `CA:TRUE` in order to be importable via the Settings app.
|
||||||
|
|
||||||
Add the root certificate and the bitwarden certificate to client computers.
|
Add the root certificate and the bitwarden certificate to client computers.
|
||||||
|
|
||||||
|
|
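Review bot: the Android 11 note does not say which certificate needs `basicConstraints` set to `CA:TRUE`, and it directly follows the command that signs `bitwarden.crt` with `-extfile bitwarden.ext`, so a reader may well put it into the server certificate's extension file. The note should say which certificate is meant; if it is the root certificate imported on clients, name `self-signed-ca-cert.crt`, because a server certificate marked `CA:TRUE` can itself be used to issue certificates. In the Apple note, `825` is missing its unit, and it would help to state that the `-days 365` in the command above already satisfies that limit.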