After spending all day setting up Bitwarden, I ran into a roadblock getting the iOS app to work with it. I get an SSL error because my cert doesn’t have the EKU value they want. I use OPNsense for my CA, and it doesn’t have the ability to generate this value on a cert as far as I can tell. I really don’t want to stand up another CA just to get this one app working. It’s the only thing I’ve found a hard block on with using my internal CA in all my years of homelabbing.
The hilarious thing is that Safari on the same device will connect to my Bitwarden website with no issue - it thinks the cert is fine. Way to go, Apple.
This is mostly just a rant against Apple, but it would be nice if Bitwarden could bypass this by allowing you to trust your own cert inside the iOS app so you’re not beholden to Apple’s stupid requirements.