From e5757388b60e3eb772d4d31e14ae6f099c459fb1 Mon Sep 17 00:00:00 2001 From: Andrew M Date: Sun, 21 Jul 2019 23:17:08 -0400 Subject: [PATCH] Created Private CA and self-signed certs that work with Chrome (markdown) --- ...self-signed-certs-that-work-with-Chrome.md | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 Private-CA-and-self-signed-certs-that-work-with-Chrome.md diff --git a/Private-CA-and-self-signed-certs-that-work-with-Chrome.md b/Private-CA-and-self-signed-certs-that-work-with-Chrome.md new file mode 100644 index 0000000..9f32351 --- /dev/null +++ b/Private-CA-and-self-signed-certs-that-work-with-Chrome.md @@ -0,0 +1,34 @@ +To get bitwarden working properly with self-signed certificates, chrome needs the certificate to include the domain name in the alternative name field of the certificate. + +Create a CA key: +`openssl genrsa -des3 -out myCA.key 2048` + +Create a CA certificate: +`openssl req -x509 -new -nodes -key myCA.key -sha256 -days 3650 -out myCA.pem` + +Create a bitwarden key: +`openssl genrsa -out bitwarden.key 2048` + +Create the bitwarden certificate request file: +`openssl req -new -key bitwarden.key -out bitwarden.csr` + +Create a text file `bitwarden.ext` with the following, change the domain names to your setup. +``` +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = bitwarden.local +DNS.2 = www.bitwarden.local +``` + + +Create the bitwarden certificate, signed from the root CA: + +``` +openssl x509 -req -in bitwarden.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out bitwarden.crt -days 1825 -sha256 -extfile bitwarden.ext +``` + +Add the root certificate and the bitwarden certificate to client computers. \ No newline at end of file
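Review bot: The closing step, "Add the root certificate and the bitwarden certificate to client computers", does not say which files go where, and on a page that creates both `myCA.key` and `bitwarden.key` that is worth spelling out. Suggest rewording it so that only `myCA.pem` is imported into the client trust store, `bitwarden.crt` and `bitwarden.key` are installed on the server, and `myCA.key` is never copied to clients or to the server, since any machine that trusts `myCA.pem` will accept whatever that key signs, for any host name. In `bitwarden.ext`, the `keyUsage` line grants `nonRepudiation` and `dataEncipherment`, which a TLS server certificate does not need; consider trimming it to `digitalSignature, keyEncipherment` and adding `extendedKeyUsage = serverAuth` so the leaf is limited to server authentication. The CA key step uses `-des3`; `-aes256` is the stronger choice for the passphrase protection. The title and intro call these "self-signed" certificates, but `bitwarden.crt` is signed by the private CA, so a sentence making that distinction would help readers understand why the `subjectAltName` entries and the CA import are both required.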