Bitwarden Android app error: Trust anchor for certification path not found.

Hello,

I've successfully followed the tutorial from this site on how to set up Bitwarden with reverse proxy and I can access my instance externally and everything is great. However, I cannot get the Android app to work with my self-hosted version. I have a wildcard certificate set up and I can see that in the web browser just fine. However, when I attempt to log in via the Android app, the error message
Code:
Exception message: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
is always returned. Does anyone have any experience with this issue?

Thanks
 
I would put my money on "missing intermediate CA certificates". If the chain of trust can't be validated, usually the intermediate CA's certificates are neither known by the client application (some rely on the cacerts store of the OS, some have their own) nor provided by your reverse proxy. While the chain.pem file only covers the certificate for your domain, the fullchain.pem usually covers all additional intermediate CAs as well.

Check your certificate with SSL Server Test (Powered by Qualys SSL Labs). Under the "Server Key and Certificate #1" section, it should have at least one entry for the signing CA in the "Additional Certificates (if supplied)" section and, if required, more intermediate CAs. Expand the "certification path" section and see if the chain up to the root CA is included.
 
Thank you. Searching around I found this guide on how to achieve the intermediate CA cert. Is this over the target?

 
If you already have a wildcard certificate, you should already have those files.
If it's created by LE, you should have the files "cert.pem", "fullchain.pem" and "privkey.pem".
Just use fullchain.pem instead of cert.pem and you should be good.
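
The difference between serving cert.pem and serving fullchain.pem, reproduced offline as an added example that is not part of the thread: the script builds a constructed root, intermediate and leaf with throwaway keys, then validates each file the way a client that trusts only the root would. Every name other than cert.pem and fullchain.pem (the other file names, the subjects, the two function names) is an assumption of this example.

```shell
# Added example: constructed throwaway PKI (root -> intermediate -> leaf).
# cert.pem / fullchain.pem follow the thread; all other names are made up.
set -eu

build_chain() {  # $1 = empty work directory
  w=$1
  cat > "$w/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
  for n in root inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config "$w/x.cnf" \
      -subj "/CN=constructed-$n" -keyout "$w/$n.key" -out "$w/$n.csr" 2>/dev/null
  done
  # Self-signed root: the only certificate the client trusts.
  openssl x509 -req -in "$w/root.csr" -signkey "$w/root.key" -days 2 \
    -extfile "$w/x.cnf" -extensions ca -out "$w/root.pem" 2>/dev/null
  # Intermediate CA signed by the root.
  openssl x509 -req -in "$w/inter.csr" -CA "$w/root.pem" -CAkey "$w/root.key" \
    -set_serial 2 -days 2 -extfile "$w/x.cnf" -extensions ca \
    -out "$w/intermediate.pem" 2>/dev/null
  # Leaf (the domain certificate) signed by the intermediate.
  openssl x509 -req -in "$w/leaf.csr" -CA "$w/intermediate.pem" \
    -CAkey "$w/inter.key" -set_serial 3 -days 2 -extfile "$w/x.cnf" \
    -extensions leaf -out "$w/cert.pem" 2>/dev/null
  cat "$w/cert.pem" "$w/intermediate.pem" > "$w/fullchain.pem"
}

# Validate the first certificate in the served file, letting the verifier use
# only what the server sent (-untrusted) plus the client's trusted root.
served_chain_ok() {  # $1 = trusted root, $2 = PEM file the proxy serves
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo=$(mktemp -d); build_chain "$demo"
for f in cert.pem fullchain.pem; do
  if served_chain_ok "$demo/root.pem" "$demo/$f"; then
    echo "$f: chain validates"
  else
    echo "$f: rejected, issuer certificate not supplied"
  fi
done
rm -rf "$demo"
```

Against a live host, `openssl s_client -connect HOST:443 -showcerts` (HOST is a placeholder) lists the certificates the reverse proxy actually sends, so you can confirm the intermediate is among them.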
 
