diff --git a/source/contributing/services/backups.rst b/source/contributing/services/backups.rst new file mode 100644 index 0000000..87d6e6b --- /dev/null +++ b/source/contributing/services/backups.rst @@ -0,0 +1,29 @@ +.. _service_backups: + +*************** +Service Backups +*************** + +Everything within the root of the mounted volume directory will be stored in an EmbassyOS backup. This includes the config (config.yaml) and properties (stats.yaml) files, as well as any other persisted data within the volume directory. + +For restoration purposes, it might be beneficial to ignore certain files or folders. For instance, ignore the shared/public folder that is mounted for dependencies that expose this feature as it causes data inconsistencies on restore. + +In this case, create a `.backupignore` file. This file contains a list of relative paths to the ignored files. + + +Example +======= + +The `btcpayserver wrapper `_ demonstrates a good use of a backupignore template. + +Ultimately, ``/datadir/.backupignore`` gets populated with: + +.. code:: + + /root/volumes/btcpayserver/start9/public + /root/volumes/btcpayserver/start9/shared + +.. role:: raw-html(raw) + :format: html + +:raw-html:`
` \ No newline at end of file diff --git a/source/contributing/services/index.rst b/source/contributing/services/index.rst index e0f8794..dca0b86 100644 --- a/source/contributing/services/index.rst +++ b/source/contributing/services/index.rst @@ -31,6 +31,7 @@ Happy building! Config Properties Instructions + Backups Submission process ------------------ diff --git a/source/contributing/services/wrapper.rst b/source/contributing/services/wrapper.rst index 6104e9d..e4ebad3 100644 --- a/source/contributing/services/wrapper.rst +++ b/source/contributing/services/wrapper.rst @@ -26,16 +26,12 @@ The project structure should be used as a model: ├── Dockerfile ├── Makefile (optional) ├── README.md - ├── assets - │ ├── httpd.conf (optional) - │ └── httpd.conf.template (optional) ├── config_rules.yaml ├── config_spec.yaml ├── ├── docker_entrypoint.sh ├── docs │ └── instructions.md - ├── instructions.md -> docs/instructions.md (symlink) └── manifest.yaml Submodule @@ -43,20 +39,4 @@ Submodule `Git sub-modules `_ allow use of another project while in the working project directory. Setting up this feature enables linking of the source service repository so that it's context is available. -Run ``git submodule add `` - -Assets -====== - -.. warning:: - - *This section is being deprecated in favor of baking assets into the Docker image, and moved into the mountpoint at runtime if necessary* - -Whenever a service is stopped, any file that is not contained within in the ``/assets`` directory will be cleared from memory. Any unsaved changes will be reverted. This folder acts as a persistance storage container. - -In this folder belongs any assets that are unique configurations to your service. For instance, bitcoind's ``.conf`` file is saved here. - -.. role:: raw-html(raw) - :format: html - -:raw-html:`
` \ No newline at end of file +Run ``git submodule add `` \ No newline at end of file diff --git a/source/getting-started/diy.rst b/source/getting-started/diy.rst index 34a4dd4..21ab8c0 100644 --- a/source/getting-started/diy.rst +++ b/source/getting-started/diy.rst @@ -43,11 +43,11 @@ Components Assembly Instructions --------------------- -1. Insert mini speaker/buzzer into GPIO pins 6/8/10/12 with the word "speaker" facing out, `away from the board`. +#. Insert mini speaker/buzzer into GPIO pins 6/8/10/12 with the word "speaker" facing out, `away from the board`. -.. figure:: /_static/images/diy/pins.png - :width: 60% - :alt: Speaker board spec + .. figure:: /_static/images/diy/pins.png + :width: 60% + :alt: Speaker board spec That's it. Place the Raspberry Pi 4 board (with speaker attached), into its case. @@ -76,18 +76,18 @@ Installing EmbassyOS Whether you purchase EmbassyOS from us or build it yourself, you need to flash it onto a microSD card. -1. Download `balenaEtcher `_ onto your Mac, Windows, or Linux computer. -2. Insert the microSD card into your computer, either directly or using an adapter. -3. Open balenaEtcher. -4. Click `Select Image`, then find and select your copy of EmbassyOS. -5. Click `Select Target`, then find and select your micro SD card. -6. Click `Flash!` You may be asked to (1) approve the unusually large disk target or (2) enter your password. Both are normal. +#. Download `balenaEtcher `_ onto your Mac, Windows, or Linux computer. +#. Insert the microSD card into your computer, either directly or using an adapter. +#. Open balenaEtcher. +#. Click `Select Image`, then find and select your copy of EmbassyOS. +#. Click `Select Target`, then find and select your micro SD card. +#. Click `Flash!` You may be asked to (1) approve the unusually large disk target or (2) enter your password. Both are normal. -.. figure:: /_static/images/diy/balena.png - :width: 60% - :alt: Balena Etcher Dashboard + .. figure:: /_static/images/diy/balena.png + :width: 60% + :alt: Balena Etcher Dashboard -7. Once the image is flashed and verified, you may remove the micro SD and insert it into your Embassy. -8. The Embassy is now ready for use, and you may following the normal :ref:`setup ` instructions. ``*`` +#. Once the image is flashed and verified, you may remove the micro SD and insert it into your Embassy. +#. The Embassy is now ready for use, and you may following the normal :ref:`setup ` instructions. ``*`` ``*`` The first time you power it on, your Embassy will make more noises than future attempts, and it may take several minutes to finally complete. \ No newline at end of file diff --git a/source/support/faq.rst b/source/support/faq.rst index a9bbce4..4376fd5 100644 --- a/source/support/faq.rst +++ b/source/support/faq.rst @@ -46,7 +46,7 @@ The list of services will grow rapidly over the coming months, such that many th What is EmbassyOS? ------------------ -EmbassyOS is a new kind of Operating System (OS). It is built from the ground up to allow anyone to easily run thier own ‘cloud,’ become independent from Big Tech, and own their own data. EmbassyOS allows anyone to easily self-host their own software services. +EmbassyOS is a new kind of Operating System (OS). It is built from the ground up to allow anyone to easily run their own ‘cloud,’ become independent from Big Tech, and own their own data. EmbassyOS allows anyone to easily self-host their own software services. EmbassyOS is a custom-built Linux distribution, which is a stripped down and beefed up version of `Raspbian Buster Lite OS `_, along with a suite of software tools which make it easy to: @@ -86,7 +86,9 @@ What are you using for a store backend? Do you store my data? -------------------------------------------------------------- Here is our exact situation currently: Embassy device sales are processed through Shopify, which we do not like, but it was expedient in the early days, especially for shipping, so we went with it. Aside from a master list of email addresses for those who have explicitly opted in to our mailing list, all customer data is contained within Shopify. We do not duplicate it anywhere. We are asking Shopify to delete our customer data, but they claim it will take upward of 3 months to comply and we of course have no guarantee the data will actually be deleted permanently. This is partly why we exist...as such, we will be moving off of Shopify and onto a self-hosted solution, where Start9 alone controls our customer data for Embassy purchases, which we will delete as a matter of policy following a short grace period after delivery. + For EmbassyOS sales, we took the maximally private approach right out of the gate. When you buy EmbassyOS, the only thing we need is an email address, and you can only pay with bitcoin. That's it. Then, unless you have explicitly requested that we keep your email for mailing list purposes, we delete the email immediately upon transaction completion. + So...in summary: (1) the shipping data we currently have is stored in Shopify (2) we are asking Shopify to delete all our customer data (3) we will be migrating off of Shopify (4) going forward, we alone will control customer data and will purge it regularly (5) you can always assemble the hardware yourself and just buy EmbassyOS from us with bitcoin, which only requires an email, which is gets purged immediately. I want to help, but I'm not a developer. Are there any ways for non-coders to contribute? @@ -140,7 +142,7 @@ I run a business, can I use an Embassy for tasks such as password management and ---------------------------------------------------------------------------------------------- Absolutely. An Embassy would be a great addition to any business as it is easy to use and provides services that you control, with no subscription fees. -With the addition of `BTCPayServer `_, you can even run your own payment processor and accept cryptocurrency payments with no third party necessary! +With the addition of `BTCPay Server `_, you can even run your own payment processor and accept cryptocurrency payments with no third party necessary! Can I have multiple users on my Embassy? ---------------------------------------- @@ -168,7 +170,7 @@ Maybe, but we advise against this. It is designed to be used on a RaspberryPi. Is it possible to use the EmbassyOS on my own hardware? ------------------------------------------------------- -Yes! You can follow the diy guide :ref:`here `. This option is great for people who already own the necessary hardware or who live outside the US and want to save on shipping and customs fees. +Yes! The :ref:`diy guide ` will take you through the setup steps. This option is great for people who already own the necessary hardware or who live outside the US and want to save on shipping and customs fees. Additionally, EmbassyOS is available to build from source under the Start9 Personal Use License. If you have the time and energy, it is possible to download and compile EmbassyOS yourself, for free, with the caveat that your “Embassy” will not have a product key generated by us. This means you will miss out on the perks that come along with purchasing from us, which will grow over time. @@ -184,7 +186,7 @@ Are my Internet requests anonymous and secure? ---------------------------------------------- EmbassyOS and every service on the Embassy serve their own Tor Hidden Services with unique Tor addresses. The private keys used to create these addresses are generated on your phone or computer when you first set up the Embassy. No one, not even Start9, has any idea what your Tor addresses are, let alone the password(s) you choose to authenticate with them. -Can multiple Embassys be setup to run redundantly in physically separate locations? +Can multiple Embassies be setup to run redundantly in physically separate locations? ----------------------------------------------------------------------------------- Soon (tm). Currently no, be we have plans for a feature that will enable Embassies to provide encrypted, automated backup services for one another. @@ -216,7 +218,8 @@ The Embassy’s current primary communication is Tor, yes. In many cases we use What if someone gets physical access to my device, can they read the contents? Is it encrypted? ----------------------------------------------------------------------------------------------- The device is currently not currently protected in that way. Someone with physical access to the device can get full access to everything on it. -Apps like bitwarden however do not store plaintext information, so your passwords will not be compromised unless they know your master password. + +Apps like Bitwarden however do not store plaintext information, so your passwords will not be compromised unless they know your master password. Why http and not https for .onion websites? ------------------------------------------- @@ -236,7 +239,7 @@ After plugging into power and internet, you will hear 2 distinct sounds: first, What if I can't connect to my Embassy? -------------------------------------- -Please ensure your phone / computer is connected to the same wired or wireless network as your Embassy. Be careful that you are not on a seperate or "guest" network. +Please ensure your phone / computer is connected to the same wired or wireless network as your Embassy. Be careful that you are not on a separate or "guest" network. Can I use the Embassy from behind a VPN, for example, if my router has a built-in VPN? -------------------------------------------------------------------------------------- @@ -322,7 +325,7 @@ The block index error is normal and goes away after the Bitcoin blockchain has s Does the Embassy run a full archival Bitcoin node? -------------------------------------------------- The Embassy runs a full node, but does not run a full *archival* node, it's pruned. This means it does not store the entire Blockchain. As it syncs, it discards blocks and transactions it does not need. -It is fully validating and verifying consensus all the way from Genesis. Really, the only reason to store the entire Blockchain is if you want to run a block explorer. Learn more :ref:`here `. +It is fully validating and verifying consensus all the way from Genesis. Really, the only reason to store the entire Blockchain is if you want to run a block explorer. Learn more here: :ref:`node`. What actions, specifically, are only possible with an archival, or ‘unpruned’ node? ----------------------------------------------------------------------------------- diff --git a/source/user-manual/general/lan-setup/browser.rst b/source/user-manual/general/lan-setup/browser.rst index ffd7140..0e02e21 100644 --- a/source/user-manual/general/lan-setup/browser.rst +++ b/source/user-manual/general/lan-setup/browser.rst @@ -6,87 +6,84 @@ Browser .. warning:: Make sure you have completed setup on your :ref:`device ` before continuing! -.. note:: - Some browsers (such as Firefox) may emit a "Warning: Potential Security Risk Ahead". This is because the SSL Certificate issued from your Embassy is not from a registered certificate authority. Usually, this warning is a valid concern, but in the case of accessing a service over LAN from your Embassy, select "Advanced" and "Accept the Risk and Continue". - .. _brave: Brave ===== -1. Navigate to your Brave Settings in a new tab. +#. Navigate to your Brave Settings in a new tab. -2. On the left hand sidebar, navigate to *Additional Settings > Privacy and Security*. +#. On the left hand sidebar, navigate to *Additional Settings > Privacy and Security*. -3. Add the bottom of the section, select "Manage Certificates". +#. Add the bottom of the section, select "Manage Certificates". -.. figure:: /_static/images/ssl/browser/brave_security_settings.png - :width: 90% - :alt: Brave privacy and security settings page + .. figure:: /_static/images/ssl/browser/brave_security_settings.png + :width: 90% + :alt: Brave privacy and security settings page -4. If you see a trusted “Embassy Local Root CA”, open a new tab to apply the certificate. If this does not work, quit and restart Brave. +#. If you see a trusted “Embassy Local Root CA”, open a new tab to apply the certificate. If this does not work, quit and restart Brave. -5. If you do not see a trusted “Embassy Local Root CA” certificate in the list, ensure the certificate is properly set up on your computer system. +#. If you do not see a trusted “Embassy Local Root CA” certificate in the list, ensure the certificate is properly set up on your computer system. -.. figure:: /_static/images/ssl/browser/brave_view_certs.png - :width: 90% - :alt: Brave Manage Certificates sub-menu on MacOS + .. figure:: /_static/images/ssl/browser/brave_view_certs.png + :width: 90% + :alt: Brave Manage Certificates sub-menu on MacOS -6. Obtain the LAN address provided in the Setup App and enter it in a new tab. +#. Obtain the LAN address provided in the Setup App and enter it in a new tab. -7. You can now securely navigate to your Embassy over HTTPS! +#. You can now securely navigate to your Embassy over HTTPS! -8. Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings). +#. Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings). .. _chrome: Chrome ====== -1. Once you have followed the steps to setup your device, open a new tab to apply the certificate. If this does not work, quit and restart Chrome. +#. Once you have followed the steps to setup your device, open a new tab to apply the certificate. If this does not work, quit and restart Chrome. -2. Obtain the LAN address provided in the Setup App and enter it in the URL bar. +#. Obtain the LAN address provided in the Setup App and enter it in the URL bar. -3. You can now securely navigate to your Embassy over HTTPS! +#. You can now securely navigate to your Embassy over HTTPS! .. _firefox: Firefox ======== -1. Navigate to your Firefox Settings in a new tab. +#. Navigate to your Firefox Settings in a new tab. -2. Select “Privacy and Security” from the left hand navigation menu. +#. Select “Privacy and Security” from the left hand navigation menu. -3. Scroll all the way to the bottom of the page and select “View Certificates”. +#. Scroll all the way to the bottom of the page and select “View Certificates”. -.. figure:: /_static/images/ssl/browser/firefox_security_settings.png - :width: 90% - :alt: Firefox security settings + .. figure:: /_static/images/ssl/browser/firefox_security_settings.png + :width: 90% + :alt: Firefox security settings - Firefox privacy and security settings page + Firefox privacy and security settings page -4. Select the "Authorities" tab from the "Certificate Manager". +#. Select the "Authorities" tab from the "Certificate Manager". -5. Click “Import” and open the downloaded *Embassy Local Root CA.crt* file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps `. +#. Click “Import” and open the downloaded *Embassy Local Root CA.crt* file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps `. -6. When prompted, check “Trust this CA to identity websites” and select “OK”. +#. When prompted, check “Trust this CA to identity websites” and select “OK”. -.. figure:: /_static/images/ssl/browser/firefox_security_settings.png - :width: 90% - :alt: Firefox import cert + .. figure:: /_static/images/ssl/browser/firefox_security_settings.png + :width: 90% + :alt: Firefox import cert - Firefox import certificate page + Firefox import certificate page -7. Ensure the “Embassy Local Root CA” exists under “Start9 Labs”. +#. Ensure the “Embassy Local Root CA” exists under “Start9 Labs”. -8. Click “OK” to save. +#. Click “OK” to save. -9. Open a new tab in Firefox to apply the changes. If this does not work, quit and restart Firefox. +#. Open a new tab in Firefox to apply the changes. If this does not work, quit and restart Firefox. -10. Navigate to the LAN address provided in the Setup App. +#. Navigate to the LAN address provided in the Setup App. -11. You can now securely navigate to your Embassy over HTTPS! +#. You can now securely navigate to your Embassy over HTTPS! .. _safari: diff --git a/source/user-manual/general/lan-setup/desktop.rst b/source/user-manual/general/lan-setup/desktop.rst index 71610de..ec7fb99 100644 --- a/source/user-manual/general/lan-setup/desktop.rst +++ b/source/user-manual/general/lan-setup/desktop.rst @@ -8,172 +8,180 @@ Operating Systems MacOS ----- -1. Visit your Embassy at its Tor Address. +#. Visit your Embassy at its Tor Address. -2. Navigate to --> Embassy --> Connect Over LAN +#. Navigate to --> Embassy --> Connect Over LAN -.. figure:: /_static/images/embassy_lan_setup.png - :width: 90% - :alt: LAN setup menu item + .. figure:: /_static/images/embassy_lan_setup.png + :width: 90% + :alt: LAN setup menu item - Select the "Connect over LAN" menu item + Select the "Connect over LAN" menu item -3. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. +#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. -.. figure:: /_static/images/secure_lan_setup_page.png - :width: 90% - :alt: LAN setup page + .. figure:: /_static/images/secure_lan_setup_page.png + :width: 90% + :alt: LAN setup page - Select the "Root Certificate Authority" sub menu + Select the "Root Certificate Authority" sub menu -4. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded. +#. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded. -.. figure:: /_static/images/secure_lan_setup_prompt.png - :width: 90% - :alt: LAN setup prompt + .. figure:: /_static/images/secure_lan_setup_prompt.png + :width: 90% + :alt: LAN setup prompt - Open with "Keychain Access" and select "OK" + Open with "Keychain Access" and select "OK" -5. Enter your computer password when prompted. It will be imported into your computer’s keychain. +#. Enter your computer password when prompted. It will be imported into your computer’s keychain. -.. figure:: /_static/images/ssl/macos/certificate_untrusted.png - :width: 90% - :alt: Keychain access import menu + .. figure:: /_static/images/ssl/macos/certificate_untrusted.png + :width: 90% + :alt: Keychain access import menu - Keychain access import menu + Keychain access import menu -If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it. +#. If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it. -6. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”. +#. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”. -7. Double click on this certificate. A second window will pop up. +#. Double click on this certificate. A second window will pop up. -8. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”. +#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”. -.. figure:: /_static/images/ssl/macos/always_trust.png - :width: 90% - :alt: Keychain submenu + .. figure:: /_static/images/ssl/macos/always_trust.png + :width: 90% + :alt: Keychain submenu - Select "Always trust" under SSL dropdown for Embassy Local CA + Select "Always trust" under SSL dropdown for Embassy Local CA -9. Close this window and enter your password to apply the settings. +#. Close this window and enter your password to apply the settings. -10. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access. +#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access. -.. figure:: /_static/images/ssl/macos/certificate_trusted.png - :width: 90% - :alt: Keychain menu trusted certificate + .. figure:: /_static/images/ssl/macos/certificate_trusted.png + :width: 90% + :alt: Keychain menu trusted certificate - Trusted Embassy Local CA certificate + Trusted Embassy Local CA certificate -11. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. +#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. Windows ------- -1. Install `Bonjour Print Services `_ on your Windows machine. This is necessary in order to visit .local addresses on Windows. +#. Install `Bonjour Print Services `_ on your Windows machine. This is necessary in order to visit .local addresses on Windows. +#. If you are having issues running Bonjour after installing, you might have had Bonjour previously installed. To fix: -2. Visit your Embassy at its Tor Address. + #. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ + #. UNinstall Bonjour completely via ``system settings -> remove programs`` + #. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US) + #. Restart Windows + #. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings. + +#. Visit your Embassy at its Tor Address. -3. Navigate to --> Embassy --> Connect Over LAN +#. Navigate to --> Embassy --> Connect Over LAN -.. figure:: /_static/images/embassy_lan_setup.png - :width: 90% - :alt: LAN setup menu item + .. figure:: /_static/images/embassy_lan_setup.png + :width: 90% + :alt: LAN setup menu item - Select the "Connect over LAN" menu item + Select the "Connect over LAN" menu item -4. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. +#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. -.. figure:: /_static/images/secure_lan_setup_page.png - :width: 90% - :alt: LAN setup page + .. figure:: /_static/images/secure_lan_setup_page.png + :width: 90% + :alt: LAN setup page - Select the "Root Certificate Authority" sub menu download icon + Select the "Root Certificate Authority" sub menu download icon -5. Select the option to save the *Embassy Local CA.crt* file. +#. Select the option to save the *Embassy Local CA.crt* file. -.. figure:: /_static/images/ssl/windows/windows_download_cert.png - :width: 90% - :alt: LAN setup prompt + .. figure:: /_static/images/ssl/windows/windows_download_cert.png + :width: 90% + :alt: LAN setup prompt - "Save file" when Opening Embassy Local CA.crt + "Save file" when Opening Embassy Local CA.crt -6. On your computer, right-click the “Start” menu and select “Run”. +#. On your computer, right-click the “Start” menu and select “Run”. -7. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run. +#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run. -.. figure:: /_static/images/ssl/windows/1_windows_mmc.png - :width: 90% - :alt: Windows MMC + .. figure:: /_static/images/ssl/windows/1_windows_mmc.png + :width: 90% + :alt: Windows MMC - Access the Windows Management Console + Access the Windows Management Console -8. When the Management Console opens, navigate to *File > Add/Remove Snap-in*. +#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*. -.. figure:: /_static/images/ssl/windows/2_windows_console_root.png - :width: 90% - :alt: Windows Console Root + .. figure:: /_static/images/ssl/windows/2_windows_console_root.png + :width: 90% + :alt: Windows Console Root - Add Snap-in from Console Root + Add Snap-in from Console Root -9. Select “Certificates” in the left side menu, then “Add”. This will open another window. +#. Select “Certificates” in the left side menu, then “Add”. This will open another window. -.. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png - :width: 90% - :alt: Add Certificates + .. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png + :width: 90% + :alt: Add Certificates - Add Certificates to selected snap-ins + Add Certificates to selected snap-ins -10. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”. +#. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”. -11. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”. +#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”. -.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png - :width: 90% - :alt: Snap-in Selected + .. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png + :width: 90% + :alt: Snap-in Selected - Certificates (Local Computer) is selected as snap-in + Certificates (Local Computer) is selected as snap-in -12. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. +#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. -.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png - :width: 90% - :alt: Certificates in Management Console + .. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png + :width: 90% + :alt: Certificates in Management Console - Access Certificates in Management Console + Access Certificates in Management Console -13. Right click on “Certificates”, then navigate to *All Tasks > Import*. +#. Right click on “Certificates”, then navigate to *All Tasks > Import*. -.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png - :width: 90% - :alt: Import certificate + .. figure:: /_static/images/ssl/windows/6_windows_import_cert.png + :width: 90% + :alt: Import certificate - Select "Import" from Certificates sub-menu + Select "Import" from Certificates sub-menu -14. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”. +#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”. -.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png - :width: 90% - :alt: Import cert wizard + .. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png + :width: 90% + :alt: Import cert wizard - Add downloaded certificate int he Certificate Import Wizard + Add downloaded certificate int he Certificate Import Wizard -15. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. +#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. -16. Select “OK” when the import is successful. +#. Select “OK” when the import is successful. -17. Verify the Embassy Local Root CA certificate is in the “Certificates” folder. +#. Verify the Embassy Local Root CA certificate is in the “Certificates” folder. -.. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png - :width: 90% - :alt: Successful cert install + .. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png + :width: 90% + :alt: Successful cert install - Embassy Local Root CA imported into Certificate folder + Embassy Local Root CA imported into Certificate folder -18. You can save the settings to the console if desired or cancel. +#. You can save the settings to the console if desired or cancel. + +#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. -19. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. Linux -----