diff --git a/source/_static/images/ssl/browser/brave_security_settings.png b/source/_static/images/ssl/browser/brave_security_settings.png new file mode 100644 index 0000000..97f4e1f Binary files /dev/null and b/source/_static/images/ssl/browser/brave_security_settings.png differ diff --git a/source/_static/images/ssl/browser/brave_view_certs.png b/source/_static/images/ssl/browser/brave_view_certs.png new file mode 100644 index 0000000..d7dde14 Binary files /dev/null and b/source/_static/images/ssl/browser/brave_view_certs.png differ diff --git a/source/_static/images/ssl/browser/firefox_security_settings.png b/source/_static/images/ssl/browser/firefox_security_settings.png new file mode 100644 index 0000000..354de1c Binary files /dev/null and b/source/_static/images/ssl/browser/firefox_security_settings.png differ diff --git a/source/_static/images/ssl/browser/firefox_view_certs.png b/source/_static/images/ssl/browser/firefox_view_certs.png new file mode 100644 index 0000000..f3f899c Binary files /dev/null and b/source/_static/images/ssl/browser/firefox_view_certs.png differ diff --git a/source/_static/images/ssl_certificate_install_page.PNG b/source/_static/images/ssl/mobile/ssl_certificate_install_page.PNG similarity index 100% rename from source/_static/images/ssl_certificate_install_page.PNG rename to source/_static/images/ssl/mobile/ssl_certificate_install_page.PNG diff --git a/source/_static/images/ssl_ipad_cert_trust.PNG b/source/_static/images/ssl/mobile/ssl_ipad_cert_trust.PNG similarity index 100% rename from source/_static/images/ssl_ipad_cert_trust.PNG rename to source/_static/images/ssl/mobile/ssl_ipad_cert_trust.PNG diff --git a/source/_static/images/ssl_ipad_cert_trust_settings.PNG b/source/_static/images/ssl/mobile/ssl_ipad_cert_trust_settings.PNG similarity index 100% rename from source/_static/images/ssl_ipad_cert_trust_settings.PNG rename to source/_static/images/ssl/mobile/ssl_ipad_cert_trust_settings.PNG diff --git a/source/_static/images/ssl_ipad_general_settings.PNG b/source/_static/images/ssl/mobile/ssl_ipad_general_settings.PNG similarity index 100% rename from source/_static/images/ssl_ipad_general_settings.PNG rename to source/_static/images/ssl/mobile/ssl_ipad_general_settings.PNG diff --git a/source/_static/images/ssl_ipad_install_profile.PNG b/source/_static/images/ssl/mobile/ssl_ipad_install_profile.PNG similarity index 100% rename from source/_static/images/ssl_ipad_install_profile.PNG rename to source/_static/images/ssl/mobile/ssl_ipad_install_profile.PNG diff --git a/source/_static/images/ssl_ipad_profiles.PNG b/source/_static/images/ssl/mobile/ssl_ipad_profiles.PNG similarity index 100% rename from source/_static/images/ssl_ipad_profiles.PNG rename to source/_static/images/ssl/mobile/ssl_ipad_profiles.PNG diff --git a/source/_static/images/ssl_setup_app_advanced.PNG b/source/_static/images/ssl/mobile/ssl_setup_app_advanced.PNG similarity index 100% rename from source/_static/images/ssl_setup_app_advanced.PNG rename to source/_static/images/ssl/mobile/ssl_setup_app_advanced.PNG diff --git a/source/_static/images/ssl_setup_app_complete.PNG b/source/_static/images/ssl/mobile/ssl_setup_app_complete.PNG similarity index 100% rename from source/_static/images/ssl_setup_app_complete.PNG rename to source/_static/images/ssl/mobile/ssl_setup_app_complete.PNG diff --git a/source/_static/images/ssl/windows/1_qpy1DiM56u22P6pkyXV6Yg.png b/source/_static/images/ssl/windows/1_qpy1DiM56u22P6pkyXV6Yg.png deleted file mode 100644 index 9d0df9c..0000000 Binary files a/source/_static/images/ssl/windows/1_qpy1DiM56u22P6pkyXV6Yg.png and /dev/null differ diff --git a/source/_static/images/ssl/windows/1_MlaW82vNMW3FGTMziJlN7A.png b/source/_static/images/ssl/windows/1_windows_mmc.png similarity index 100% rename from source/_static/images/ssl/windows/1_MlaW82vNMW3FGTMziJlN7A.png rename to source/_static/images/ssl/windows/1_windows_mmc.png diff --git a/source/_static/images/ssl/windows/1_0GZZ91XuU1-XcTFYP5DJYg.png b/source/_static/images/ssl/windows/2_windows_console_root.png similarity index 100% rename from source/_static/images/ssl/windows/1_0GZZ91XuU1-XcTFYP5DJYg.png rename to source/_static/images/ssl/windows/2_windows_console_root.png diff --git a/source/_static/images/ssl/windows/1_41RTVpAHeKkF7YnmuiMEKg.png b/source/_static/images/ssl/windows/3_windows_add_certificates.png similarity index 100% rename from source/_static/images/ssl/windows/1_41RTVpAHeKkF7YnmuiMEKg.png rename to source/_static/images/ssl/windows/3_windows_add_certificates.png diff --git a/source/_static/images/ssl/windows/1_Tf4OFx1ykaUfeQAEB8x5Fg.png b/source/_static/images/ssl/windows/4_windows_selected_snapin.png similarity index 100% rename from source/_static/images/ssl/windows/1_Tf4OFx1ykaUfeQAEB8x5Fg.png rename to source/_static/images/ssl/windows/4_windows_selected_snapin.png diff --git a/source/_static/images/ssl/windows/1_irGfcmIoqco-snpRGC5H4g.png b/source/_static/images/ssl/windows/5_windows_trusted_certificate_menu.png similarity index 100% rename from source/_static/images/ssl/windows/1_irGfcmIoqco-snpRGC5H4g.png rename to source/_static/images/ssl/windows/5_windows_trusted_certificate_menu.png diff --git a/source/_static/images/ssl/windows/1_XvC7abvih5VVHf0OqyQXuQ.png b/source/_static/images/ssl/windows/6_windows_import_cert.png similarity index 100% rename from source/_static/images/ssl/windows/1_XvC7abvih5VVHf0OqyQXuQ.png rename to source/_static/images/ssl/windows/6_windows_import_cert.png diff --git a/source/_static/images/ssl/windows/1_QuaNPNXAmbNCzXXRL4v20Q.png b/source/_static/images/ssl/windows/7_windows_import_cert_wizard.png similarity index 100% rename from source/_static/images/ssl/windows/1_QuaNPNXAmbNCzXXRL4v20Q.png rename to source/_static/images/ssl/windows/7_windows_import_cert_wizard.png diff --git a/source/_static/images/ssl/windows/1_RU37fHvCA_Th8cHKiAKNyg.png b/source/_static/images/ssl/windows/8_windows_successful_cert_install.png similarity index 100% rename from source/_static/images/ssl/windows/1_RU37fHvCA_Th8cHKiAKNyg.png rename to source/_static/images/ssl/windows/8_windows_successful_cert_install.png diff --git a/source/_static/images/ssl/windows/windows_download_cert.png b/source/_static/images/ssl/windows/windows_download_cert.png new file mode 100644 index 0000000..f4abfc4 Binary files /dev/null and b/source/_static/images/ssl/windows/windows_download_cert.png differ diff --git a/source/_static/images/ssl/windows/windows_embassy_menu.png b/source/_static/images/ssl/windows/windows_embassy_menu.png new file mode 100644 index 0000000..74fb642 Binary files /dev/null and b/source/_static/images/ssl/windows/windows_embassy_menu.png differ diff --git a/source/_static/images/ssl/windows/windows_lan_page.png b/source/_static/images/ssl/windows/windows_lan_page.png new file mode 100644 index 0000000..330b8ee Binary files /dev/null and b/source/_static/images/ssl/windows/windows_lan_page.png differ diff --git a/source/user-manuals/embassyos/general/secure-lan/browser.rst b/source/user-manuals/embassyos/general/secure-lan/browser.rst new file mode 100644 index 0000000..80d9137 --- /dev/null +++ b/source/user-manuals/embassyos/general/secure-lan/browser.rst @@ -0,0 +1,87 @@ +.. _browsers: + +******* +Browser +******* + +.. warning:: Make sure you have completed setup on your :ref:`device ` before continuing! + +Brave +===== + +1. Navigate to your Brave Settings in a new tab. + +2. On the left hand sidebar, select ``Additional Settings > Privacy and Security``. + +3. Add the bottom of the section, select "Manage Certificates". + +.. figure:: /_static/images/ssl/browser/brave_security_settings.png + :width: 90% + :alt: Brave security settings + + Brave privacy and security settings page + +4. If you see a trusted “Embassy Local Root CA”, open a new tab to apply the certificate. If this does not work, quit and restart Brave. + +5. If you do not see a trusted “Embassy Local Root CA” certificate in the list, ensure the certificate is properly set up on your computer system. + +.. figure:: /_static/images/ssl/browser/brave_view_certs.png + :width: 90% + :alt: Brave manage certs + + Brave Manage Certificates sub-menu on MacOS + +6. Obtain the LAN address provided in the Setup App and enter it in a new tab. + +7. You can now securely navigate to your Embassy over HTTPS! + +8. Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings). + +Chrome +====== + +1. Once you have followed the steps to setup your device, open a new tab to apply the certificate. If this does not work, quit and restart Chrome. + +2. Obtain the LAN address provided in the Setup App and enter it in the URL bar. + +3. You can now securely navigate to your Embassy over HTTPS! + +Firefox +======== + +1. Navigate to your Firefox Settings in a new tab. + +2. Select “Privacy and Security” from the left hand navigation menu. + +3. Scroll all the way to the bottom of the page and select “View Certificates”. + +.. figure:: /_static/images/ssl/browser/firefox_security_settings.png + :width: 90% + :alt: Firefox security settings + + Firefox privacy and security settings page + +4. Click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps `. + +5. When prompted, check “Trust this CA to identity websites” and select “OK”. + +.. figure:: /_static/images/ssl/browser/firefox_security_settings.png + :width: 90% + :alt: Firefox import cert + + Firefox import certificate page + +6. Ensure the “Embassy Local Root CA” exists under “Start9 Labs”. + +7. Click “OK” to save. + +8. Open a new tab in Firefox to apply the changes. If this does not work, quit and restart Firefox. + +9. Navigate to the LAN address provided in the Setup App. + +10. You can now securely navigate to your Embassy over HTTPS! + +Safari +====== + +Once you have completed the steps to install a SSL certificate on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now security navigate to the LAN address for your Embassy! \ No newline at end of file diff --git a/source/user-manuals/embassyos/general/secure-lan/browsers.rst b/source/user-manuals/embassyos/general/secure-lan/browsers.rst deleted file mode 100644 index e69de29..0000000 diff --git a/source/user-manuals/embassyos/general/secure-lan/desktop.rst b/source/user-manuals/embassyos/general/secure-lan/desktop.rst index 4db3e91..5b00d5d 100644 --- a/source/user-manuals/embassyos/general/secure-lan/desktop.rst +++ b/source/user-manuals/embassyos/general/secure-lan/desktop.rst @@ -7,7 +7,7 @@ MacOS 1. Copy the Tor address from the Setup App. It is safe to message this address to yourself so that you can paste it in a browser. -2. Navigate to a `Tor enabled browser <_connecting>`. +2. Navigate to a :ref:`Tor enabled browser `. 3. Your browser might display a warning screen. You can typically navigate to ``Advanced > Accept the risk and continue``. @@ -25,7 +25,7 @@ MacOS Select the "Secure LAN Setup" menu item -8. Select the "SSL Certificate" sub menu. This will prompt a download. +8. Select the "SSL Certificate" sub menu. This will prompt a download to save the certificate file to your machine. .. figure:: /_static/images/secure_lan_setup_page.png :width: 90% @@ -61,7 +61,7 @@ If the keychain console did not open, press ``Command + spacebar`` and type “K :width: 90% :alt: Keychain submenu - Selec "Always trust" under SSL dropdown for Embassy Local CA + Select "Always trust" under SSL dropdown for Embassy Local CA 14. Close this window and enter your password to apply the settings. @@ -73,42 +73,122 @@ If the keychain console did not open, press ``Command + spacebar`` and type “K Trusted Embassy Local CA certificate -16. Navigate to your desired browser to import this certificate and follow the steps for `supported browsers `. +16. Navigate to your desired browser to import this certificate and follow the steps for :ref:`supported browsers `. Windows ======= -1. Copy the Tor .onion link from the final page of the Setup App. It is safe to message this address to yourself so that you can paste it in a browser. -2. Navigate to a Tor enabled browser. * -3. Your browser might display a warning screen. You can typically navigate to Advanced > Accept the risk and continue. +1. Copy the Tor address from the Setup App. It is safe to message this address to yourself so that you can paste it in a browser. + +2. Navigate to a :ref:`Tor enabled browser `. + +3. Your browser might display a warning screen. You can typically navigate to ``Advanced > Accept the risk and continue``. + 4. Allow the page to load with your Tor address over HTTP. Using HTTPS is less performant and unnecessary because Tor v3 is self authenticating. + 5. Login to Ambassador UI with the master password you created in the Setup App. + 6. Navigate to the “Embassy” tab in the menu. -7. Find the section entitled “Install SSL Certificate”. -8. This will prompt a download to save the certificate file to your machine. -Image for post -9. Right-click the “Start” menu and select “Run”. -10. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run. -Image for post -11. When the Management Console opens, navigate to File > Add/Remove Snap-in. -Image for post -12. Select “Certificates” in the left side menu, then “Add”. This will open another window. -Image for post -13. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”. -14. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”. -Image for post -15. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. -Image for post -16. Right click on “Certificates”, then select All Tasks > Import. -Image for post -17. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”. -Image for post -18. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. -19. Select “OK” when the import is successful. -20. Verify the Embassy Local Root CA certificate is in the “Certificates” folder. -Image for post -21. You can save the settings to the console if desired or cancel. -22. Navigate to your desired browser to import this certificate. Steps for supported browsers are outlined below. + +7. Find the section entitled “Secure LAN Setup”. + +.. figure:: /_static/images/ssl/windows/windows_embassy_menu.png + :width: 90% + :alt: Secure LAN setup menu item + + Select the "Secure LAN Setup" menu item + +8. Select the "SSL Certificate" sub menu. This will prompt a download to save the certificate file to your machine. + +.. figure:: /_static/images/ssl/windows/windows_lan_page.png + :width: 90% + :alt: Secure LAN setup page + + Select the "SSL Certificate" sub menu download icon + +9. Select the option to save the ``Embassy Local CA.crt`` file. + +.. figure:: /_static/images/ssl/windows/windows_download_cert.png + :width: 90% + :alt: Secure LAN setup prompt + + "Save file" when Opening Embassy Local CA.crt + +10. On your computer, right-click the “Start” menu and select “Run”. + +11. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run. + +.. figure:: /_static/images/ssl/windows/1_windows_mmc.png + :width: 90% + :alt: Windows MMC + + Access the Windows Management Console + +12. When the Management Console opens, navigate to ``File > Add/Remove Snap-in``. + +.. figure:: /_static/images/ssl/windows/2_windows_console_root.png + :width: 90% + :alt: Windows Console Root + + Add Snap-in from Console Root + +13. Select “Certificates” in the left side menu, then “Add”. This will open another window. + +.. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png + :width: 90% + :alt: Add Certificates + + Add Certificates to selected snap-ins + +14. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”. + +15. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”. + +.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png + :width: 90% + :alt: Snap-in Selected + + Certificates (Local Computer) is selected as snap-in + +16. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. + +.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png + :width: 90% + :alt: Certificates in Management Console + + Access Certificates in Management Console + +17. Right click on “Certificates”, then select ``All Tasks > Import``. + +.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png + :width: 90% + :alt: Import certificate + + Select "Import" from Certificates sub-menu + +18. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”. + +.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png + :width: 90% + :alt: Import cert wizard + + Add downloaded certificate int he Certificate Import Wizard + +19. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. + +20. Select “OK” when the import is successful. + +21. Verify the Embassy Local Root CA certificate is in the “Certificates” folder. + +.. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png + :width: 90% + :alt: Successful cert install + + Embassy Local Root CA imported into Certificate folder + +22. You can save the settings to the console if desired or cancel. + +23. Navigate to your desired browser to import this certificate and follow the steps for :ref:`supported browsers `. Linux ===== diff --git a/source/user-manuals/embassyos/general/secure-lan/index.rst b/source/user-manuals/embassyos/general/secure-lan/index.rst index 48cd78c..3111cc2 100644 --- a/source/user-manuals/embassyos/general/secure-lan/index.rst +++ b/source/user-manuals/embassyos/general/secure-lan/index.rst @@ -17,9 +17,10 @@ First, determine your current version of EmbassyOS from the menu at ``Embassy > How to view EmbassyOS version -For EmbassyOS versions < 0.2.5, please follow the setup instructions on this `blog post `_. +.. warning:: + For EmbassyOS versions ``<0.2.5``, please follow the setup instructions on this `blog post `_. -For EmbassyOS versions >= 0.2.5, continue below. + For EmbassyOS versions ``>=0.2.5``, continue below. Complete the setup for your device operating system: @@ -34,7 +35,4 @@ Next, complete the setup for your desired browser. This guide currently covers: .. toctree:: :maxdepth: 2 - Brave - Firefox - Chrome - Safari \ No newline at end of file + browser \ No newline at end of file diff --git a/source/user-manuals/embassyos/general/secure-lan/mobile.rst b/source/user-manuals/embassyos/general/secure-lan/mobile.rst index c23b9bc..b016eb5 100644 --- a/source/user-manuals/embassyos/general/secure-lan/mobile.rst +++ b/source/user-manuals/embassyos/general/secure-lan/mobile.rst @@ -12,7 +12,7 @@ iOS 3. Find the "Advanced" menu item at the bottom of the Setup App screen. -.. figure:: /_static/images/ssl_setup_app_complete.png +.. figure:: /_static/images/ssl/mobile/ssl_setup_app_complete.png :width: 90% :alt: Setup app complete @@ -20,7 +20,7 @@ iOS 4. Select the "Embassy Local Root CA" menu item. Clicking this will prompt you to “Save to device”. -.. figure:: /_static/images/ssl_setup_app_advanced.png +.. figure:: /_static/images/ssl/mobile/ssl_setup_app_advanced.png :width: 90% :alt: Setup app advanced menu @@ -30,15 +30,15 @@ iOS 5. You will be directed to a page in Safari indicating next steps and that the profile has been successfully downloaded. Be sure to complete all steps in this process. These steps are also outlined below. -.. figure:: /_static/images/ssl_certificate_install_page.png +.. figure:: /_static/images/ssl/mobile/ssl_certificate_install_page.png :width: 90% :alt: Certificate install page - Certificate install page - Select "Allow" + Select "Allow" on the certificate install page 6. Go to Settings on your iOS device. -.. figure:: /_static/images/ssl_ipad_general_settings.png +.. figure:: /_static/images/ssl/mobile/ssl_ipad_general_settings.png :width: 90% :alt: General settings @@ -46,13 +46,13 @@ iOS 7. Navigate to ``General > Profile(s) > Downloaded Profile > Install``. -.. figure:: /_static/images/ssl_ipad_profiles.png +.. figure:: /_static/images/ssl/mobile/ssl_ipad_profiles.png :width: 90% :alt: Profiles Profiles view -.. figure:: /_static/images/ssl_ipad_install_profile.png +.. figure:: /_static/images/ssl/mobile/ssl_ipad_install_profile.png :width: 90% :alt: Install profile @@ -62,7 +62,7 @@ iOS 9. Next, navigate to ``General > About > Certificate Trust Settings``. -.. figure:: /_static/images/ssl_ipad_cert_trust_settings.png +.. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust_settings.png :width: 90% :alt: Certificate trust settings @@ -70,13 +70,13 @@ iOS 10. Enable full trust for root certificates. -.. figure:: /_static/images/ssl_ipad_cert_trust.png +.. figure:: /_static/images/ssl/mobile/ssl_ipad_cert_trust.png :width: 90% :alt: Enable full trust Toggle to enable full trust for root certificates. "Continue" when warning prompts. -11. Test that this process worked successfully by navigating to the LAN address provided in the Setup App. You should no longer see warnings about the security of this site in your browser. We recommend using Start9’s own `Consulate `_ browser for a faster and better experience. +11. Test that this process worked successfully by navigating to the LAN address provided in the Setup App. You should no longer see warnings about the security of this site in your browser. We recommend using Start9’s own `Consulate browser `_ for a faster and better experience. Android