diff --git a/source/_static/default.css b/source/_static/default.css
index 71e20fb..83bde84 100644
--- a/source/_static/default.css
+++ b/source/_static/default.css
@@ -70,7 +70,12 @@ h1, h2 {
 }
 }
-ul .current li .current {
+
+a:active {
+ text-decoration: none;
+}
+
+ul.current > .current .active > a.current {
 text-decoration: underline #f8f8ff;
 }
diff --git a/source/_static/images/bengal_cat.jpg b/source/_static/images/bengal_cat.jpg
deleted file mode 100644
index 97b61d2..0000000
Binary files a/source/_static/images/bengal_cat.jpg and /dev/null differ
diff --git a/source/_static/images/embassy_lan_setup.png b/source/_static/images/embassy_lan_setup.png
new file mode 100644
index 0000000..3b99da6
Binary files /dev/null and b/source/_static/images/embassy_lan_setup.png differ
diff --git a/source/_static/images/embassy_version.png b/source/_static/images/embassy_version.png
new file mode 100644
index 0000000..b908655
Binary files /dev/null and b/source/_static/images/embassy_version.png differ
diff --git a/source/_static/images/secure_lan_setup_page.png b/source/_static/images/secure_lan_setup_page.png
new file mode 100644
index 0000000..7be707e
Binary files /dev/null and b/source/_static/images/secure_lan_setup_page.png differ
diff --git a/source/_static/images/secure_lan_setup_prompt.png b/source/_static/images/secure_lan_setup_prompt.png
new file mode 100644
index 0000000..770d4db
Binary files /dev/null and b/source/_static/images/secure_lan_setup_prompt.png differ
diff --git a/source/_static/images/ssl/macos/always_trust.png b/source/_static/images/ssl/macos/always_trust.png
new file mode 100644
index 0000000..07cff0f
Binary files /dev/null and b/source/_static/images/ssl/macos/always_trust.png differ
diff --git a/source/_static/images/ssl/macos/certificate_trusted.png b/source/_static/images/ssl/macos/certificate_trusted.png
new file mode 100644
index 0000000..68094c3
Binary files /dev/null and b/source/_static/images/ssl/macos/certificate_trusted.png differ
diff --git a/source/_static/images/ssl/macos/certificate_untrusted.png b/source/_static/images/ssl/macos/certificate_untrusted.png
new file mode 100644
index 0000000..bd822da
Binary files /dev/null and b/source/_static/images/ssl/macos/certificate_untrusted.png differ
diff --git a/source/_static/images/ssl/windows/1_0GZZ91XuU1-XcTFYP5DJYg.png b/source/_static/images/ssl/windows/1_0GZZ91XuU1-XcTFYP5DJYg.png
new file mode 100644
index 0000000..1f8b2ee
Binary files /dev/null and b/source/_static/images/ssl/windows/1_0GZZ91XuU1-XcTFYP5DJYg.png differ
diff --git a/source/_static/images/ssl/windows/1_41RTVpAHeKkF7YnmuiMEKg.png b/source/_static/images/ssl/windows/1_41RTVpAHeKkF7YnmuiMEKg.png
new file mode 100644
index 0000000..04d9f06
Binary files /dev/null and b/source/_static/images/ssl/windows/1_41RTVpAHeKkF7YnmuiMEKg.png differ
diff --git a/source/_static/images/ssl/windows/1_MlaW82vNMW3FGTMziJlN7A.png b/source/_static/images/ssl/windows/1_MlaW82vNMW3FGTMziJlN7A.png
new file mode 100644
index 0000000..d1b26cb
Binary files /dev/null and b/source/_static/images/ssl/windows/1_MlaW82vNMW3FGTMziJlN7A.png differ
diff --git a/source/_static/images/ssl/windows/1_QuaNPNXAmbNCzXXRL4v20Q.png b/source/_static/images/ssl/windows/1_QuaNPNXAmbNCzXXRL4v20Q.png
new file mode 100644
index 0000000..a6825a4
Binary files /dev/null and b/source/_static/images/ssl/windows/1_QuaNPNXAmbNCzXXRL4v20Q.png differ
diff --git a/source/_static/images/ssl/windows/1_RU37fHvCA_Th8cHKiAKNyg.png b/source/_static/images/ssl/windows/1_RU37fHvCA_Th8cHKiAKNyg.png
new file mode 100644
index 0000000..e429818
Binary files /dev/null and b/source/_static/images/ssl/windows/1_RU37fHvCA_Th8cHKiAKNyg.png differ
diff --git a/source/_static/images/ssl/windows/1_Tf4OFx1ykaUfeQAEB8x5Fg.png b/source/_static/images/ssl/windows/1_Tf4OFx1ykaUfeQAEB8x5Fg.png
new file mode 100644
index 0000000..4264059
Binary files /dev/null and b/source/_static/images/ssl/windows/1_Tf4OFx1ykaUfeQAEB8x5Fg.png differ
diff --git a/source/_static/images/ssl/windows/1_XvC7abvih5VVHf0OqyQXuQ.png b/source/_static/images/ssl/windows/1_XvC7abvih5VVHf0OqyQXuQ.png
new file mode 100644
index 0000000..aa2f969
Binary files /dev/null and b/source/_static/images/ssl/windows/1_XvC7abvih5VVHf0OqyQXuQ.png differ
diff --git a/source/_static/images/ssl/windows/1_irGfcmIoqco-snpRGC5H4g.png b/source/_static/images/ssl/windows/1_irGfcmIoqco-snpRGC5H4g.png
new file mode 100644
index 0000000..b4017ee
Binary files /dev/null and b/source/_static/images/ssl/windows/1_irGfcmIoqco-snpRGC5H4g.png differ
diff --git a/source/_static/images/ssl/windows/1_qpy1DiM56u22P6pkyXV6Yg.png b/source/_static/images/ssl/windows/1_qpy1DiM56u22P6pkyXV6Yg.png
new file mode 100644
index 0000000..9d0df9c
Binary files /dev/null and b/source/_static/images/ssl/windows/1_qpy1DiM56u22P6pkyXV6Yg.png differ
diff --git a/source/_static/images/ssl_certificate_install_page.PNG b/source/_static/images/ssl_certificate_install_page.PNG
new file mode 100644
index 0000000..1bdb921
Binary files /dev/null and b/source/_static/images/ssl_certificate_install_page.PNG differ
diff --git a/source/_static/images/ssl_ipad_cert_trust.PNG b/source/_static/images/ssl_ipad_cert_trust.PNG
new file mode 100644
index 0000000..f080e36
Binary files /dev/null and b/source/_static/images/ssl_ipad_cert_trust.PNG differ
diff --git a/source/_static/images/ssl_ipad_cert_trust_settings.PNG b/source/_static/images/ssl_ipad_cert_trust_settings.PNG
new file mode 100644
index 0000000..394883f
Binary files /dev/null and b/source/_static/images/ssl_ipad_cert_trust_settings.PNG differ
diff --git a/source/_static/images/ssl_ipad_general_settings.PNG b/source/_static/images/ssl_ipad_general_settings.PNG
new file mode 100644
index 0000000..99fd120
Binary files /dev/null and b/source/_static/images/ssl_ipad_general_settings.PNG differ
diff --git a/source/_static/images/ssl_ipad_install_profile.PNG b/source/_static/images/ssl_ipad_install_profile.PNG
new file mode 100644
index 0000000..0c1ac87
Binary files /dev/null and b/source/_static/images/ssl_ipad_install_profile.PNG differ
diff --git a/source/_static/images/ssl_ipad_profiles.PNG b/source/_static/images/ssl_ipad_profiles.PNG
new file mode 100644
index 0000000..952cdd3
Binary files /dev/null and b/source/_static/images/ssl_ipad_profiles.PNG differ
diff --git a/source/_static/images/ssl_setup_app_advanced.PNG b/source/_static/images/ssl_setup_app_advanced.PNG
new file mode 100644
index 0000000..766dd8a
Binary files /dev/null and b/source/_static/images/ssl_setup_app_advanced.PNG differ
diff --git a/source/_static/images/ssl_setup_app_complete.PNG b/source/_static/images/ssl_setup_app_complete.PNG
new file mode 100644
index 0000000..8e9e189
Binary files /dev/null and b/source/_static/images/ssl_setup_app_complete.PNG differ
diff --git a/source/user-manuals/embassyos/general/index.rst b/source/user-manuals/embassyos/general/index.rst
index cb2902f..5ac982a 100644
--- a/source/user-manuals/embassyos/general/index.rst
+++ b/source/user-manuals/embassyos/general/index.rst
@@ -16,5 +16,5 @@ Features
 developer-options/index
 power
 notifications
- ssl
+ secure-lan/index
 forgot-password
\ No newline at end of file
diff --git a/source/user-manuals/embassyos/general/secure-lan/browsers.rst b/source/user-manuals/embassyos/general/secure-lan/browsers.rst
new file mode 100644
index 0000000..e69de29
diff --git a/source/user-manuals/embassyos/general/secure-lan/desktop.rst b/source/user-manuals/embassyos/general/secure-lan/desktop.rst
new file mode 100644
index 0000000..4db3e91
--- /dev/null
+++ b/source/user-manuals/embassyos/general/secure-lan/desktop.rst
@@ -0,0 +1,116 @@
+********
+Desktop
+********
+
+MacOS
+=====
+
+1. Copy the Tor address from the Setup App. It is safe to message this address to yourself so that you can paste it in a browser.
+
+2. Navigate to a `Tor enabled browser <_connecting>`.
+
+3. Your browser might display a warning screen. You can typically navigate to ``Advanced > Accept the risk and continue``.
+
+4. Allow the page to load with your Tor address over HTTP. Using HTTPS is less performant and unnecessary because Tor v3 is self authenticating.
+
+5. Login to Ambassador UI with the master password you created in the Setup App.
+
+6. Navigate to the “Embassy” tab in the menu.
+
+7. Find the section entitled “Secure LAN Setup”.
+
+.. figure:: /_static/images/embassy_lan_setup.png
+ :width: 90%
+ :alt: Secure LAN setup menu item
+
+ Select the "Secure LAN Setup" menu item
+
+8. Select the "SSL Certificate" sub menu. This will prompt a download.
+
+.. figure:: /_static/images/secure_lan_setup_page.png
+ :width: 90%
+ :alt: Secure LAN setup page
+
+ Select the "SSL Certificate" sub menu
+
+9. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded.
+
+.. figure:: /_static/images/secure_lan_setup_prompt.png
+ :width: 90%
+ :alt: Secure LAN setup prompt
+
+ Open with "Keychain Access" and select "OK"
+
+10. Enter your computer password when prompted. It will be imported into your computer’s keychain.
+
+.. figure:: /_static/images/ssl/macos/certificate_untrusted.png
+ :width: 90%
+ :alt: Keychain access import menu
+
+ Keychain access import menu
+
+If the keychain console did not open, press ``Command + spacebar`` and type “Keychain Access”, and hit enter to open it.
+
+11. Navigate to the “System” tab and find the certificate entitled “Embassy Local Root CA”.
+
+12. Double click on this certificate. A second window will pop up.
+
+13. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”.
+
+.. figure:: /_static/images/ssl/macos/always_trust.png
+ :width: 90%
+ :alt: Keychain submenu
+
+ Selec "Always trust" under SSL dropdown for Embassy Local CA
+
+14. Close this window and enter your password to apply the settings.
+
+15. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access.
+
+.. figure:: /_static/images/ssl/macos/certificate_trusted.png
+ :width: 90%
+ :alt: Keychain menu trusted certificate
+
+ Trusted Embassy Local CA certificate
+
+16. Navigate to your desired browser to import this certificate and follow the steps for `supported browsers `.
+
+Windows
+=======
+
+1. Copy the Tor .onion link from the final page of the Setup App. It is safe to message this address to yourself so that you can paste it in a browser.
+2. Navigate to a Tor enabled browser. *
+3. Your browser might display a warning screen. You can typically navigate to Advanced > Accept the risk and continue.
+4. Allow the page to load with your Tor address over HTTP. Using HTTPS is less performant and unnecessary because Tor v3 is self authenticating.
+5. Login to Ambassador UI with the master password you created in the Setup App.
+6. Navigate to the “Embassy” tab in the menu.
+7. Find the section entitled “Install SSL Certificate”.
+8. This will prompt a download to save the certificate file to your machine.
+Image for post
+9. Right-click the “Start” menu and select “Run”.
+10. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run.
+Image for post
+11. When the Management Console opens, navigate to File > Add/Remove Snap-in.
+Image for post
+12. Select “Certificates” in the left side menu, then “Add”. This will open another window.
+Image for post
+13. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”.
+14. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
+Image for post
+15. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
+Image for post
+16. Right click on “Certificates”, then select All Tasks > Import.
+Image for post
+17. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”.
+Image for post
+18. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”.
+19. Select “OK” when the import is successful.
+20. Verify the Embassy Local Root CA certificate is in the “Certificates” folder.
+Image for post
+21. You can save the settings to the console if desired or cancel.
+22. Navigate to your desired browser to import this certificate. Steps for supported browsers are outlined below.
+
+Linux
+=====
+
+Please reach out to `@ProofOfKeags `_ on `Telegram `_ if you would like assistance setting up SSL Certificates in this environment.
diff --git a/source/user-manuals/embassyos/general/secure-lan/index.rst b/source/user-manuals/embassyos/general/secure-lan/index.rst
new file mode 100644
index 0000000..48cd78c
--- /dev/null
+++ b/source/user-manuals/embassyos/general/secure-lan/index.rst
@@ -0,0 +1,40 @@
+.. _ssl-setup:
+
+****************
+Secure LAN Setup
+****************
+
+EmbassyOS has ability to securely access your Embassy over HTTPS from any browser in addition to the already secure option of communicating over Tor. This method of connecting is faster when on the same Local Area Network (LAN). This is accomplished by HTTPS using the OpenSSL protocol. Your Embassy becomes a Certificate Authority and uses its root certificate to generate a self-signed cert for you to import on your devices.
+
+The following guides will take you through the steps to install and trust the SSL certificate generated from your Embassy.
+
+First, determine your current version of EmbassyOS from the menu at ``Embassy > About > EmbassyOS Version``.
+
+.. figure:: /_static/images/embassy_version.png
+ :width: 90%
+ :alt: EmbassyOS version view
+
+ How to view EmbassyOS version
+
+
+For EmbassyOS versions < 0.2.5, please follow the setup instructions on this `blog post `_.
+
+For EmbassyOS versions >= 0.2.5, continue below.
+
+Complete the setup for your device operating system:
+
+.. toctree::
+ :maxdepth: 2
+
+ desktop
+ mobile
+
+Next, complete the setup for your desired browser. This guide currently covers:
+
+.. toctree::
+ :maxdepth: 2
+
+ Brave
+ Firefox
+ Chrome
+ Safari
\ No newline at end of file
diff --git a/source/user-manuals/embassyos/general/secure-lan/mobile.rst b/source/user-manuals/embassyos/general/secure-lan/mobile.rst
new file mode 100644
index 0000000..c23b9bc
--- /dev/null
+++ b/source/user-manuals/embassyos/general/secure-lan/mobile.rst
@@ -0,0 +1,88 @@
+******
+Mobile
+******
+
+
+iOS
+====
+
+1. Navigate back to the `Start9 Setup App `_.
+
+2. Select your claimed Embassy to view the setup results.
+
+3. Find the "Advanced" menu item at the bottom of the Setup App screen.
+
+.. figure:: /_static/images/ssl_setup_app_complete.png
+ :width: 90%
+ :alt: Setup app complete
+
+ Completed Setup App screen
+
+4. Select the "Embassy Local Root CA" menu item. Clicking this will prompt you to “Save to device”.
+
+.. figure:: /_static/images/ssl_setup_app_advanced.png
+ :width: 90%
+ :alt: Setup app advanced menu
+
+ Setup App advanced menu
+
+.. note:: At this point, you may see a yellow messaging indicating you need to reclaim your Embassy to activate this feature. Proceed with the recommendation.
+
+5. You will be directed to a page in Safari indicating next steps and that the profile has been successfully downloaded. Be sure to complete all steps in this process. These steps are also outlined below.
+
+.. figure:: /_static/images/ssl_certificate_install_page.png
+ :width: 90%
+ :alt: Certificate install page
+
+ Certificate install page - Select "Allow"
+
+6. Go to Settings on your iOS device.
+
+.. figure:: /_static/images/ssl_ipad_general_settings.png
+ :width: 90%
+ :alt: General settings
+
+ General settings
+
+7. Navigate to ``General > Profile(s) > Downloaded Profile > Install``.
+
+.. figure:: /_static/images/ssl_ipad_profiles.png
+ :width: 90%
+ :alt: Profiles
+
+ Profiles view
+
+.. figure:: /_static/images/ssl_ipad_install_profile.png
+ :width: 90%
+ :alt: Install profile
+
+ Select "Install" for Embassy Local Root CA
+
+8. Select “yes” to any warning prompts.
+
+9. Next, navigate to ``General > About > Certificate Trust Settings``.
+
+.. figure:: /_static/images/ssl_ipad_cert_trust_settings.png
+ :width: 90%
+ :alt: Certificate trust settings
+
+ Select Certificate Trust Settings (scroll all the way down)
+
+10. Enable full trust for root certificates.
+
+.. figure:: /_static/images/ssl_ipad_cert_trust.png
+ :width: 90%
+ :alt: Enable full trust
+
+ Toggle to enable full trust for root certificates. "Continue" when warning prompts.
+
+11. Test that this process worked successfully by navigating to the LAN address provided in the Setup App. You should no longer see warnings about the security of this site in your browser. We recommend using Start9’s own `Consulate `_ browser for a faster and better experience.
+
+
+Android
+=======
+
+Unfortunately, Android devices do not yet natively support mDNS, which is used to access LAN addresses on a mobile device browser. As a result, you cannot yet access your LAN address from the browser on Android. We are tracking this issue `here `_, please star it to get more attention from the development team!
+
+We are also working on the `Consulate `_ for Android, which will enable this feature by default and allow you to bookmark your LAN address for efficient access to your Embassy over HTTPS.
+In the meantime, you can access your Embassy on Android using the `Tor Browser `_.
\ No newline at end of file
diff --git a/source/user-manuals/embassyos/general/ssl.rst b/source/user-manuals/embassyos/general/ssl.rst
deleted file mode 100644
index 4a45349..0000000
--- a/source/user-manuals/embassyos/general/ssl.rst
+++ /dev/null
@@ -1,7 +0,0 @@
-.. _ssl-setup:
-
-*********
-SSL Setup
-*********
-
-Please follow the setup instructions `here `_.
\ No newline at end of file