Generate licence for off-line installation?

[tfboy]

In a test environment, I installed Bitwarden using the normal process, but realised after a while that the containers weren't "healthy" and things didn't work. This was because it was an installation with no internet access (I manually imported the docker images). After speaking to Bitwarden support, they did say it's normal and for installations with no Internet access, you need to follow a different "off-line" installation. It's documented here: https://bitwarden.com/help/install-and-deploy-offline/

This installation seems to use a self-signed / generated CA for the identity / SSO part. As this is not linked to Bitwarden's official CA, can we not use this instead and generate a recognised licence?

I tried having a go doing this: made a fresh true "off-line" installation, but used the PFX created as part of the install as the PFX for generating the licence and wasn't successful, but I didn't debug it much. If this worked, this would negate the need to generate a Bitbetter certificate and modify the source files to accept the modified one.

Is this not possible?

[Ayitaka]

[tfboy]

I understand that.
In the case of the offline install, you are asked to create an Identity Server certificate, see steps 3 to 5. This isn't something that's done with a normal install. That certificate is different to the certificate used for the TLS webserver side of things.
But I suppose the licensing stuff is hard-coded into the identity container and not related to the identity server certificate that you manually create?

[Ayitaka]

Apologies. The obvious difference is that the -pass for BitBetter is hard coded to 'test' (without the quotes). Did you use that for the -pass for your offline cert as well? Or you will need to change it, from 'test' to whatever you used for your offline certificate, in the .keys/generate-keys.sh script.

[captainhook]

I just had a quick look at the commands to create the Identity server certificate for offline install and compared it to the commands used to generate the licensing one but I can't see a difference immediately...

What error do you get when you use the same pfx for license gen?

[tfboy]

Hi @captainhook , sorry, just coming round to testing this again.
I don't have a useful error, when I upload the generated .json file, I just get an "An error has ocurred. Invalid license".
I can't seem to see any detailed logs - if I run the docker-compose file in the foreground, there doesn't appear to be any logging when I click ont he "Submit" button...

In order to generate the licence, I grabbed the identity.pfx file generated when installing the offline version, ensuring "test" was the password. I then just ran : $ ./run.sh /home/user/identity.pfs interactive.

Using my install ID, a valid username with a verified email address.