Update macOS cert trust guide (#442)
* Update macOS cert trust guide * Terminology touchup * Terminology touchup two * Terminology touchup three * Update site/source/user-manual/connecting/connecting-lan/lan-os/lan-mac.rst * Update site/source/user-manual/connecting/connecting-lan/lan-os/lan-mac.rst * Update site/source/user-manual/connecting/connecting-lan/lan-os/lan-mac.rst --------- Co-authored-by: kn0wmad <39687477+kn0wmad@users.noreply.github.com>
gStart9
|
Before Width: | Height: | Size: 988 KiB |
|
Before Width: | Height: | Size: 1.1 MiB |
|
Before Width: | Height: | Size: 1.1 MiB |
|
Before Width: | Height: | Size: 1.1 MiB |
|
Before Width: | Height: | Size: 457 KiB |
|
Before Width: | Height: | Size: 118 KiB |
|
After Width: | Height: | Size: 215 KiB |
|
After Width: | Height: | Size: 166 KiB |
|
After Width: | Height: | Size: 211 KiB |
|
After Width: | Height: | Size: 342 KiB |
|
After Width: | Height: | Size: 712 KiB |
|
After Width: | Height: | Size: 888 KiB |
|
After Width: | Height: | Size: 1014 KiB |
|
After Width: | Height: | Size: 602 KiB |
@@ -1,49 +1,59 @@
|
||||
.. _lan-mac:
|
||||
|
||||
==============================
|
||||
Trusting Your Start9 CA on Mac
|
||||
==============================
|
||||
================================
|
||||
Trusting Your Start9 CA on macOS
|
||||
================================
|
||||
|
||||
#. In your Start9 server's UI, navigate to *System* -> *Lan* -> click *Download Certificate* and save it to your Mac.
|
||||
#. In your Start9 server's UI, navigate to **System** -> **LAN**
|
||||
|
||||
.. figure:: /_static/images/ssl/macos/mac-lan-setup0.png
|
||||
.. figure:: /_static/images/ssl/macos/trust-cert-macos-1-system-lan.png
|
||||
:width: 60%
|
||||
:alt: LAN setup prompt
|
||||
:alt: Navigate to System > LAN
|
||||
|
||||
#. Locate the certificate and double click it.
|
||||
#. Click **Download Certificate** and your browser will either automatically save the certificate to your Downloads folder or ask you where to save it:
|
||||
|
||||
.. figure:: /_static/images/ssl/macos/mac-lan-setup1.png
|
||||
.. figure:: /_static/images/ssl/macos/trust-cert-macos-2-download_cert.png
|
||||
:width: 60%
|
||||
:alt: Download Certificate
|
||||
|
||||
#. Among the browser's downloads, right click your certificate file and select *Show in Folder*:
|
||||
|
||||
.. figure:: /_static/images/ssl/macos/trust-cert-macos-3-show_in_folder.png
|
||||
:width: 60%
|
||||
:alt: Show certificate file in Downloads folder
|
||||
|
||||
#. Finder will open. Locate your unique `adjective-noun Local CA.crt` file in your *Downloads* folder and double click it to open it in the Keychain Access program. You will be prompted for your macOS username and password, or thumbprint. Then select *Modify Keychain*:
|
||||
|
||||
.. figure:: /_static/images/ssl/macos/trust-cert-macos-4-modify_keychain.png
|
||||
:width: 60%
|
||||
|
||||
#. In the resulting box, choose "System" from the "Keychain" dropdown menu. Then click "Add."
|
||||
#. Your server's CA certificate will be displayed among the imported certificates in Keychain Access. Right-click on the imported CA cert and select *Get Info*:
|
||||
|
||||
.. figure:: /_static/images/ssl/macos/mac-lan-setup2.png
|
||||
.. figure:: /_static/images/ssl/macos/trust-cert-macos-5-cert-get_info.png
|
||||
:width: 60%
|
||||
:alt: System Keychain
|
||||
:alt: Keychain Access - Get Info of CA Certificate
|
||||
|
||||
#. Enter your computer password when prompted. It will be imported into your mac's keychain.
|
||||
#. The details of your CA certificate will be displayed in a new dialog window. Expand the **Trust** heading, then select "**Always Trust**" on **Secure Sockets Layer (SSL)** and **X.509 Basic Policy**.
|
||||
|
||||
.. figure:: /_static/images/ssl/macos/certificate_untrusted.png
|
||||
.. figure:: /_static/images/ssl/macos/trust-cert-macos-6-ssl_tls-always_trust.png
|
||||
:width: 60%
|
||||
:alt: Keychain access import menu
|
||||
:alt: Trust CA Certificate
|
||||
|
||||
.. note:: If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it.
|
||||
Click the red (x) button at the top left of the Local Root CA dialog window.
|
||||
|
||||
#. Navigate to the "System" tab on the left, find the certificate named as a custom ``adjective-noun.local.crt``, and double click on this certificate. A second window will pop up.
|
||||
#. You will then be prompted again for your username and password, or thumbprint. Enter those and click **Update Settings**:
|
||||
|
||||
#. Open the "Trust" dropdown and select "Always Trust" from the dropdown next to "When using this certificate".
|
||||
.. figure:: /_static/images/ssl/macos/trust-cert-macos-7-password-update_settings.png
|
||||
:width: 60%
|
||||
:alt: Authenticate to change the settings
|
||||
|
||||
.. figure:: /_static/images/ssl/macos/always_trust.png
|
||||
#. You will see your server's CA certificate as trusted now, signified by a blue (+) sign and the CA cert information will now say "This certificate is marked as trusted for all users" in Keychain Access:
|
||||
|
||||
.. figure:: /_static/images/ssl/macos/trust-cert-macos-8-cert_trusted.png
|
||||
:width: 60%
|
||||
:alt: Keychain submenu
|
||||
|
||||
#. Close this window and enter your password to apply the settings.
|
||||
|
||||
#. The unique ``adjective-noun.local.crt`` cert will now read "This certificate is marked as trusted for all users" in Keychain Access.
|
||||
|
||||
.. figure:: /_static/images/ssl/macos/certificate_trusted.png
|
||||
:width: 60%
|
||||
:alt: Keychain menu trusted certificate
|
||||
.. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it.
|
||||
|
||||
No additional setup is required for most browsers and you will now be able to safely connect to your Start9 server over LAN.
|
||||
|
||||
|
||||