Bitwarden Android app error: Trust anchor for certification path not found.

NAS
DS918+
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
Hello,

I've successfully followed the tutorial from this site on how to set up Bitwarden with a reverse proxy, and I can access my instance externally and everything is great. However, I cannot get the Android app to work with my self-hosted version. I have a wildcard certificate set up and I can see that in the web browser just fine. However, when I attempt to log in via the Android app, the error message
Code:
Exception message: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
is always returned. Does anyone have any experience with this issue?

Thanks
 
I would put my money on "missing intermediate CA certificates". If the chain of trust can't be validated, usually the intermediate CAs' certificates are neither known by the client application (some rely on the cacerts store of the OS, some have their own) nor provided by your reverse proxy. While the chain.pem file only covers the certificate for your domain, the fullchain.pem usually covers all additional intermediate CAs as well.

Check your certificate with SSL Server Test (Powered by Qualys SSL Labs). Under the "Server Key and Certificate #1" section, it should have at least one entry for the signing CA in the "Additional Certificates (if supplied)" section and, if required, more intermediate CAs. Expand the "certification path" section and see if the chain up to the root CA is included.
 
I would put my money on "missing intermediate CA certificates". If the chain of trust can't be validated, usually the intermediate CAs' certificates are neither known by the client application (some rely on the cacerts store of the OS, some have their own) nor provided by your reverse proxy. While the chain.pem file only covers the certificate for your domain, the fullchain.pem usually covers all additional intermediate CAs as well.

Check your certificate with SSL Server Test (Powered by Qualys SSL Labs). Under the "Server Key and Certificate #1" section, it should have at least one entry for the signing CA in the "Additional Certificates (if supplied)" section and, if required, more intermediate CAs. Expand the "certification path" section and see if the chain up to the root CA is included.

Thank you. Searching around I found this guide on how to achieve the intermediate CA cert. Is this over the target?

 
If you already have a wildcard certificate, you should already have those files.
If it's created by LE, you should have the files "cert.pem", "fullchain.pem" and "privkey.pem".
Just use fullchain.pem instead of cert.pem and you should be good.
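
The difference between serving cert.pem and fullchain.pem can be reproduced offline. The following is an added example, not part of the original posts: it builds a constructed throwaway root, intermediate and wildcard leaf with `openssl`, then checks what a client that trusts only the root can validate for each file. The subject names, `root.pem`, `int.pem` and the function names are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example. All certificates are constructed, throwaway test material.
# cert.pem / fullchain.pem / privkey.pem follow the file names used in the thread.

make_demo_chain() {  # $1 = empty working directory
    local d="$1" cnf="$1/ca.cnf"
    printf '[req]\ndistinguished_name = req\n[ca]\nbasicConstraints = critical,CA:TRUE\n' > "$cnf"
    {
        # Self-signed root: stands in for the trust anchor in the client's CA store.
        openssl req -x509 -config "$cnf" -extensions ca -newkey rsa:2048 -nodes \
            -subj "/CN=Constructed Demo Root" -days 2 \
            -keyout "$d/root.key" -out "$d/root.pem" &&
        # Intermediate CA signed by the root.
        openssl req -new -config "$cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=Constructed Demo Intermediate" -keyout "$d/int.key" -out "$d/int.csr" &&
        openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
            -set_serial 2 -days 2 -extfile "$cnf" -extensions ca -out "$d/int.pem" &&
        # Wildcard leaf signed by the intermediate.
        openssl req -new -config "$cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=*.example.test" -keyout "$d/privkey.pem" -out "$d/leaf.csr" &&
        openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
            -set_serial 3 -days 2 -out "$d/cert.pem"
    } >/dev/null 2>&1 || return 1
    # fullchain.pem = leaf followed by the intermediate that issued it.
    cat "$d/cert.pem" "$d/int.pem" > "$d/fullchain.pem"
}

count_certs() {  # $1 = PEM file; prints how many certificates it holds
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

served_chain_verifies() {  # $1 = trusted root, $2 = file the server presents
    # openssl verify checks the first certificate in $2 (the leaf);
    # -untrusted offers the rest of the same file as candidate intermediates.
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_chain "$demo_dir" || { echo "openssl failed" >&2; exit 1; }
for f in cert.pem fullchain.pem; do
    if served_chain_verifies "$demo_dir/root.pem" "$demo_dir/$f"; then
        result="path to trust anchor found"
    else
        result="no path to trust anchor"
    fi
    echo "$f: $(count_certs "$demo_dir/$f") certificate(s), $result"
done
rm -rf "$demo_dir"
```

Against a real deployment, what the reverse proxy actually sends can be listed with `openssl s_client -connect <host>:443 -showcerts`.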
 
