Created Private CA and self-signed certs that work with Chrome (markdown)

2024-06-02 03:58:58 +02:00 · 2019-07-21 23:17:08 -04:00 · 2019-07-21 23:17:08 -04:00 · e5757388b6
parent e737961faa
commit e5757388b6
1 changed files with 34 additions and 0 deletions
--- a/Private-CA-and-self-signed-certs-that-work-with-Chrome.md
+++ b/Private-CA-and-self-signed-certs-that-work-with-Chrome.md
@ -0,0 +1,34 @@
+To get bitwarden working properly with self-signed certificates, chrome needs the certificate to include the domain name in the alternative name field of the certificate.
+
+Create a CA key:
+`openssl genrsa -des3 -out myCA.key 2048`
+
+Create a CA certificate:
+`openssl req -x509 -new -nodes -key myCA.key -sha256 -days 3650 -out myCA.pem`
+
+Create a bitwarden key:
+`openssl genrsa -out bitwarden.key 2048`
+
+Create the bitwarden certificate request file:
+`openssl req -new -key bitwarden.key -out bitwarden.csr`
+
+Create a text file `bitwarden.ext` with the following, change the domain names to your setup.
+```
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = bitwarden.local
+DNS.2 = www.bitwarden.local
+```
+
+
+Create the bitwarden certificate, signed from the root CA:
+
+```
+openssl x509 -req -in bitwarden.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out bitwarden.crt -days 1825 -sha256 -extfile bitwarden.ext
+```
+
+Add the root certificate and the bitwarden certificate to client computers.