Chrome SSL, Brave SSL, concepts, misc edits

2026-03-30 12:11:57 +00:00 · 2022-01-29 01:55:01 -07:00
parent 7b98cc3fc4
commit 5be68f6a40
15 changed files with 91 additions and 51 deletions
--- a/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-brave.rst
+++ b/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-brave.rst
@@ -24,16 +24,23 @@ Brave
        :width: 60%
        :alt: Brave Security settings page

-#. If you see a trusted “Embassy Local Root CA”, open a new tab to apply the certificate. If this does not work, quit and restart Brave.
+#. If you **EITHER** see "org-Start9" with a trusted “Embassy Local Root CA” listed under it, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
+
+    **OR**
+
+#. If you do not see "org-Start9"in the list, ensure the certificate is properly set up on your computer system.  Otherwise, click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <lan-os>`.

-#. If you do not see a trusted “Embassy Local Root CA” certificate in the list, ensure the certificate is properly set up on your computer system.

    .. figure:: /_static/images/ssl/browser/brave_view_certs.svg
        :width: 60%
        :alt: Brave Manage Certificates sub-menu on MacOS

+    Check the box for "Trust this certificate for identitying websites" and click "OK"
+
 #. Obtain the LAN address that was provided at the end of your initial Embassy setup, or from the :ref:`Embassy tab<embassy-tab>` -> ``About`` (Under ``Insights``) and enter it in a new tab.

-#. You can now securely navigate to your Embassy over HTTPS!
+    .. tip:: You may need to restart the browser

-.. note:: Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings).
+#. You will see a green padlock and ``https://`` to the left of the URL bar.  You can now securely navigate to your Embassy on your :ref:`LAN<lan>` with :ref:`HTTPS<ssl>`!
+
+.. note:: Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings).
--- a/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-chrome.rst
+++ b/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-chrome.rst
@@ -4,8 +4,46 @@
 Chrome
 ======

-#. Once you have followed the steps to setup your device, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
+.. caution:: You will first need to complete :ref:`LAN Setup<lan-os>` for your device before continuing.

-#. Obtain the LAN address provided in the Setup App and enter it in the URL bar.
+.. tip:: The following guide also works with Chromium and Vivaldi.

-#. You can now securely navigate to your Embassy over HTTPS!
+#. Open a new tab in Chrome and navigate to ``chrome://settings/certificates``.
+
+    .. figure:: /_static/images/ssl/browser/chrome_settings.svg
+        :width: 60%
+        :alt: Chrome Certificates Settings page
+
+#. Click on the "Authorities" tab.
+
+    .. figure:: /_static/images/ssl/browser/chrome_authorities.svg
+        :width: 60%
+        :alt: Chrome Certificate Authorities page
+
+#. You will **EITHER** see "org-Start9" with a trusted “Embassy Local Root CA” listed under it,
+
+    .. figure:: /_static/images/ssl/browser/chrome_s9ca.svg
+        :width: 60%
+        :alt: Start9 Certificate Authority
+
+    in which case, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
+
+    **OR**
+
+#. If you do not see "org-Start9"in the list, ensure the certificate is properly set up on your computer system.  Otherwise, click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <lan-os>`.
+
+    .. figure:: /_static/images/ssl/browser/chrome_trust.svg
+        :width: 60%
+        :alt: Trust the CA
+
+    Check the box for "Trust this certificate for identitying websites" and click "OK"
+
+#. Obtain the LAN address that was provided at the end of your initial Embassy setup, or from the :ref:`Embassy tab<embassy-tab>` -> ``About`` (Under ``Insights``) and enter it in a new tab.
+
+    .. tip:: You may need to restart the browser
+
+    .. figure:: /_static/images/ssl/browser/chrome_https.svg
+        :width: 60%
+        :alt: Success
+
+#. You will see a green padlock and ``https://`` to the left of the URL bar.  You can now securely navigate to your Embassy on your :ref:`LAN<lan>` with :ref:`HTTPS<ssl>`!
--- a/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-ff.rst
+++ b/site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-ff.rst
@@ -22,7 +22,7 @@ Firefox

 #. Select the "Authorities" tab from the "Certificate Manager".

-#. Click “Import” and open the downloaded *Embassy Local Root CA.crt* file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <ssl-setup>`.
+#. Click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <ssl-setup>`.

 #. When prompted, check “Trust this CA to identity websites” and select “OK”.