diff --git a/source/misc-guides/tor-firefox/android.rst b/source/misc-guides/tor-firefox/android.rst index c89876a..05d5df6 100644 --- a/source/misc-guides/tor-firefox/android.rst +++ b/source/misc-guides/tor-firefox/android.rst @@ -43,4 +43,4 @@ Once Tor is setup on your system, you can proceed to setup Firefox: :width: 50% :alt: Firefox whitelist onions screenshot -8. Restart Firefox, and you’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Password Manager `_ native application. \ No newline at end of file +8. Restart Firefox, and you’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Password Manager `_ native application. diff --git a/source/misc-guides/tor-firefox/desktop.rst b/source/misc-guides/tor-firefox/desktop.rst new file mode 100644 index 0000000..81312e7 --- /dev/null +++ b/source/misc-guides/tor-firefox/desktop.rst @@ -0,0 +1,96 @@ +.. _firefox-tor-desktop: + +************************************** +Setting up Firefox with Tor on Desktop +************************************** + +.. warning:: + This guide assumes you have completed :ref:`setting up Tor`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor. + +1. Open Firefox. + +2. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings. + +3. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``. + + .. figure:: /_static/images/tor/firefox_whitelist.png + :width: 80% + :alt: Firefox whitelist onions screenshot + +4. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by following the OS-specific instructions below: + +Windows: + +Click `here `_ to get the file and save the file somewhere you won’t delete it. For this example: + + .. code-block:: + + C:\Program Files\Tor Browser\proxy.pac + +Mac: + +Open the `Terminal` App on your Mac. You can find it in your list of Applications. In the terminal, enter: + + .. code-block:: + + brew install wget + + And then: + + .. code-block:: + + wget -P /usr/local/etc/tor https://registry.start9labs.com/sys/proxy.pac + +Linux: + +From a terminal, enter: + + .. code-block:: + + sudo wget -P /etc/tor https://registry.start9labs.com/sys/proxy.pac + + +5. Now open your Firefox web browser, and select options (Windows), or preferences (Mac/Linux): + + .. figure:: /_static/images/tor/firefox_options_windows.png + :width: 80% + :alt: Firefox options screenshot + + Select :menuselection:`Settings --> Options` + + +6. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`: + + .. figure:: /_static/images/tor/firefox_search.png + :width: 80% + :alt: Firefox search screenshot + +7. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example: + +Windows: + + .. code-block:: + + file://C:/Program Files/Tor Browser/proxy.pac + +Mac: + + .. code-block:: + + file:///usr/local/etc/tor/proxy.pac + +Linux: + + .. code-block:: + + file:///etc/tor/proxy.pac + +8. Then, check the box labeled `Proxy DNS when using SOCKS v5`: + + .. figure:: /_static/images/tor/firefox_proxy.png + :width: 80% + :alt: Firefox proxy settings screenshot + +9. Click ``OK`` and then restart Firefox for the changes to take effect. + +10. You’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin `_. diff --git a/source/misc-guides/tor-firefox/index.rst b/source/misc-guides/tor-firefox/index.rst index 493112b..5f4ef38 100644 --- a/source/misc-guides/tor-firefox/index.rst +++ b/source/misc-guides/tor-firefox/index.rst @@ -10,9 +10,7 @@ Configuring Firefox for Tor Once you have completed the above guide, select your device's operating system below: .. toctree:: - :maxdepth: 1 + :maxdepth: 2 - MacOS - Windows - Linux - Android \ No newline at end of file + Desktop + Mobile diff --git a/source/misc-guides/tor-firefox/ios.rst b/source/misc-guides/tor-firefox/ios.rst new file mode 100644 index 0000000..ad0a5b8 --- /dev/null +++ b/source/misc-guides/tor-firefox/ios.rst @@ -0,0 +1,9 @@ +.. _firefox-tor-ios: + +********************************** +Setting up Firefox with Tor on iOS +********************************** + +Unfortunately, Apple does not allow tor to be run natively on iOS. This means that Firefox cannot be configured to use tor. This leaves the following options for iOS users: + +You can use Start9 Labs' own Consulate Browser, which is available `here `_, or you can select another Tor Browser by searching the `App Store `_. diff --git a/source/misc-guides/tor-firefox/linux.rst b/source/misc-guides/tor-firefox/linux.rst deleted file mode 100644 index 9df525b..0000000 --- a/source/misc-guides/tor-firefox/linux.rst +++ /dev/null @@ -1,54 +0,0 @@ -.. _firefox-tor-linux: - -************************************ -Setting up Firefox with Tor on Linux -************************************ - -.. warning:: - This guide assumes you have completed :ref:`setting up Tor for Linux`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor. - -#. Open Firefox. - -#. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings. - -#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``. - - .. figure:: /_static/images/tor/firefox_whitelist.png - :width: 80% - :alt: Firefox whitelist onions screenshot - -#. Create a `Proxy Auto Config` file (advanced) or use our standard one (recommended): - - .. code-block:: - - sudo wget -P /etc/tor https://registry.start9labs.com/sys/proxy.pac - -#. Now open your Firefox web browser, and select preferences. - - .. figure:: /_static/images/tor/firefox_preferences.png - :width: 80% - :alt: Firefox preferences screenshot - - Select :menuselection:`Settings --> Preferences` - -#. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`. - - .. figure:: /_static/images/tor/firefox_search.png - :width: 80% - :alt: Firefox search screenshot - -#. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in: - - .. code-block:: - - file:///etc/tor/proxy.pac - -#. Check the box labeled `Proxy DNS when using SOCKS v5`. - - .. figure:: /_static/images/tor/firefox_proxy.png - :width: 80% - :alt: Firefox proxy settings screenshot - -#. Click ``OK`` and then restart Firefox for the changes to take effect. - -You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin `_. \ No newline at end of file diff --git a/source/misc-guides/tor-firefox/mac.rst b/source/misc-guides/tor-firefox/mac.rst deleted file mode 100644 index 9d8e0a7..0000000 --- a/source/misc-guides/tor-firefox/mac.rst +++ /dev/null @@ -1,64 +0,0 @@ -.. _firefox-tor-mac: - -************************************ -Setting up Firefox with Tor on MacOS -************************************ - -.. warning:: - This guide assumes you have completed :ref:`setting up Tor for MacOS`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor. - -#. Open Firefox. - -#. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings. - -#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``. - - .. figure:: /_static/images/tor/firefox_whitelist.png - :width: 80% - :alt: Firefox whitelist onions screenshot - -#. Next, download the `Proxy Auto Config` file. This file tells Firefox which URLs to use for Tor. - - #. Open the `Terminal` App on your Mac. You can find it in your list of Applications. - - #. Enter into the terminal: - - .. code-block:: - - brew install wget - - #. And then: - - .. code-block:: - - wget -P /usr/local/etc/tor https://registry.start9labs.com/sys/proxy.pac - -#. Open your Firefox web browser, and select preferences: - - .. figure:: /_static/images/tor/firefox_preferences.png - :width: 80% - :alt: Firefox preferences screenshot - - Select :menuselection:`Settings --> Preferences` - -#. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`: - - .. figure:: /_static/images/tor/firefox_search.png - :width: 80% - :alt: Firefox search screenshot - -#. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in: - - .. code-block:: - - file:///usr/local/etc/tor/proxy.pac - -#. Then, check the box labeled `Proxy DNS when using SOCKS v5`: - - .. figure:: /_static/images/tor/firefox_proxy.png - :width: 80% - :alt: Firefox proxy settings screenshot - -#. Click ``OK`` and then restart Firefox for the changes to take effect. - -#. You’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin `_. \ No newline at end of file diff --git a/source/misc-guides/tor-firefox/mobile.rst b/source/misc-guides/tor-firefox/mobile.rst new file mode 100644 index 0000000..9b290f6 --- /dev/null +++ b/source/misc-guides/tor-firefox/mobile.rst @@ -0,0 +1,13 @@ +.. _firefox-tor-mobile: + +************************************** +Setting up Firefox with Tor on Mobile +************************************** + +If you are on Android, you can continue after setting up Tor on your device. If you are on iOS, click below for your options. + +.. toctree:: + :maxdepth: 1 + + Android + iOS diff --git a/source/misc-guides/tor-firefox/windows.rst b/source/misc-guides/tor-firefox/windows.rst deleted file mode 100644 index f4a4cdd..0000000 --- a/source/misc-guides/tor-firefox/windows.rst +++ /dev/null @@ -1,54 +0,0 @@ -.. _firefox-tor-windows: - -************************************** -Setting up Firefox with Tor on Windows -************************************** - -.. warning:: - This guide assumes you have completed :ref:`setting up Tor for Windows`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor. - -#. Open Firefox. - -#. Enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings. - -#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``. - - .. figure:: /_static/images/tor/firefox_whitelist.png - :width: 80% - :alt: Firefox whitelist onions screenshot - -#. Download a `Proxy Auto Config` file that will use the Tor service to resolve .onion urls. We have one hosted `here `_. Save it somewhere you won’t delete it. For this example: - - .. code-block:: - - C:\Program Files\Tor Browser\proxy.pac - -#. Now open your Firefox web browser, and select options: - - .. figure:: /_static/images/tor/firefox_options_windows.png - :width: 80% - :alt: Firefox options screenshot - - Select :menuselection:`Settings --> Options` - -#. Search for the term “proxy” in the search bar in the upper right, then select the button that says `Settings…`: - - .. figure:: /_static/images/tor/firefox_search.png - :width: 80% - :alt: Firefox search screenshot - -#. This should open a menu that will allow you to configure your proxy settings. Select `Automatic proxy configuration URL` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example: - - .. code-block:: - - file://C:/Program Files/Tor Browser/proxy.pac - -#. Check the box labeled `Proxy DNS when using SOCKS v5`: - - .. figure:: /_static/images/tor/firefox_proxy.png - :width: 80% - :alt: Firefox proxy settings screenshot - -#. Click ``OK`` and then restart Firefox for the changes to take effect. - -#. You’re all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, and use your Bitwarden Tor address in the `Bitwarden Firefox Plugin `_. \ No newline at end of file diff --git a/source/misc-guides/tor-os/index.rst b/source/misc-guides/tor-os/index.rst index 328c50c..6bdd88b 100644 --- a/source/misc-guides/tor-os/index.rst +++ b/source/misc-guides/tor-os/index.rst @@ -14,4 +14,5 @@ Select your operating system to get started: MacOS Windows Linux - Android \ No newline at end of file + Android + iOS diff --git a/source/misc-guides/tor-os/ios.rst b/source/misc-guides/tor-os/ios.rst new file mode 100644 index 0000000..847cbc0 --- /dev/null +++ b/source/misc-guides/tor-os/ios.rst @@ -0,0 +1,9 @@ +.. _tor-ios: + +********************* +Setting up Tor on iOS +********************* + +Unfortunately, Apple does not allow tor to be run natively on iOS. This leaves 2 options for iOS users: + +You can use Start9 Labs' own Consulate Browser, which is available `here `_, or you can select another Tor Browser by searching the `App Store `_. diff --git a/source/misc-guides/tor-os/windows.rst b/source/misc-guides/tor-os/windows.rst index 4b9284f..9af4a0c 100644 --- a/source/misc-guides/tor-os/windows.rst +++ b/source/misc-guides/tor-os/windows.rst @@ -12,7 +12,7 @@ Running Tor on Windows Download Tor for Windows -#. Once it is downloaded, go ahead and run the installer. If you want to install the program outside of your user directory, you will have to right click and select `Run as Administrator`. +#. Once it is downloaded, go ahead and run the installer. If you want to install the program outside of your user directory, you will have to right click and select `Run as Administrator`. #. Once you have selected a language, you should see a menu like this: @@ -28,11 +28,11 @@ Running Tor on Windows * In Windows 10, you can simply type ``cmd`` in the Windows search bar, right click on the first result, and select `Run as Administrator`. -#. Once it opens, you can run the following commands, inserting your destination folder in place of ````: +#. Once it opens, you can run the following commands, inserting your destination folder (from above) in place of ````: .. code-block:: - sc create tor start=auto binPath="\Tor Browser\Browser\TorBrowser\Tor\tor.exe -nt-service" + sc create tor start=auto binPath="\Browser\TorBrowser\Tor\tor.exe -nt-service" sc start tor #. When you run this, it should look something like this: @@ -43,4 +43,4 @@ Running Tor on Windows Replace highlighted section with noted destination folder -#. That's it! Your Windows computer is now setup to natively use Tor. \ No newline at end of file +#. That's it! Your Windows computer is now setup to natively use Tor. diff --git a/source/support/FAQ/setup-faq.rst b/source/support/FAQ/setup-faq.rst index 22377de..fc71d7d 100644 --- a/source/support/FAQ/setup-faq.rst +++ b/source/support/FAQ/setup-faq.rst @@ -28,6 +28,10 @@ This is most likely a transient networking issue that will correct itself in a f 3. Restart your router. +Do I need to take any additional security precautions with my device, for example with my router/modem? +------------------------------------------------------------------------------------------------------- +Nothing special is required, however, it is best practice to use good passwords, i.e. for your WiFi and your Embassy. Here's a `comic `_ explaining how to make strong passwords, simply. + What if I have an unique network issue, for example, with a firewall? --------------------------------------------------------------------- The Embassy is designed to work as simply as possible, for as many as possible, while providing the ability to self-host in a private manner. If you have an agressive or custom firewall, or other custom network settings, there is a good chance that addtional configuration may be necessary. We will continue to learn about custom networking issues, update our docs with resources, and help in the community :ref:`channels ` to the best of our ability. diff --git a/source/support/FAQ/usage-faq.rst b/source/support/FAQ/usage-faq.rst index df274d2..62474c5 100644 --- a/source/support/FAQ/usage-faq.rst +++ b/source/support/FAQ/usage-faq.rst @@ -52,6 +52,12 @@ Do I need to delete existing backups before doing a new backup? Or does a new ba ------------------------------------------------------------------------------------------------------------- No, you don’t need to delete the old backups. The technology we use updates the existing backup. +Can I clone my Embassy SD card for backup purposes? +--------------------------------------------------- +Warning: **DO NOT do this if you are running LND or c-lightning**. If you clone the SD card, then go back to running LND or c-lightning, and you *ever* try to restore the SD card, there is a good chance you will lose *all your channel funds*. Also, if you try to use the SD card for a 2nd Embassy, that will also result in loss of funds. This has nothing to do with Start9 or the Embassy; it is inherent to the architecture of Lightning. + +If you are not running LND or c-lightning, then *yes*, it is possible to do a deep clone of the SD card as a backup. But even here, there are some considerations: Start9 does not test/support this officially, which means it is untested. Also, it may take a while to do a deep clone of the card since the ones we ship are 128GB and there isn't a really effective way to clone the Embassy card that isn't a byte-for-byte copy. However, if you do a byte for byte copy (128GB), and run `PiShrink `_ you could flash that image file onto a new card and restore all of your data. + Why would I even buy this when I can just build it for free?? ------------------------------------------------------------- (1) White glove support. Because each Embassy comes with a unique product key engraved on it, and we have a record of all product keys ever, we can ask the user to verify their product key in order to receive a higher tier of support, such as phone calls. diff --git a/source/user-manual/general/lan-setup/browser.rst b/source/user-manual/general/lan-setup/browser-setup.rst similarity index 86% rename from source/user-manual/general/lan-setup/browser.rst rename to source/user-manual/general/lan-setup/browser-setup.rst index 0e02e21..54689a3 100644 --- a/source/user-manual/general/lan-setup/browser.rst +++ b/source/user-manual/general/lan-setup/browser-setup.rst @@ -1,15 +1,26 @@ -.. _browsers: +.. _browser-setup: -******* -Browser -******* +Browser Setup +============= -.. warning:: Make sure you have completed setup on your :ref:`device ` before continuing! +.. warning:: Make sure you have completed your :ref:`computer setup ` before continuing! + +Select the browser you would like to configure to import the certificate from your desktop: + +.. .. toctree:: +.. :hidden: + +.. browser + +- :ref:`Brave ` +- :ref:`Chrome ` +- :ref:`Firefox ` +- :ref:`Safari ` .. _brave: Brave -===== +----- #. Navigate to your Brave Settings in a new tab. @@ -38,7 +49,7 @@ Brave .. _chrome: Chrome -====== +------ #. Once you have followed the steps to setup your device, open a new tab to apply the certificate. If this does not work, quit and restart Chrome. @@ -49,7 +60,7 @@ Chrome .. _firefox: Firefox -======== +------- #. Navigate to your Firefox Settings in a new tab. @@ -88,6 +99,6 @@ Firefox .. _safari: Safari -====== +------ -Once you have completed the steps to install a SSL certificate on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now securely navigate to the LAN address for your Embassy! \ No newline at end of file +Once you have completed the steps to install a SSL certificate on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now securely navigate to the LAN address for your Embassy! diff --git a/source/user-manual/general/lan-setup/computer-setup.rst b/source/user-manual/general/lan-setup/computer-setup.rst new file mode 100644 index 0000000..960459b --- /dev/null +++ b/source/user-manual/general/lan-setup/computer-setup.rst @@ -0,0 +1,187 @@ +.. _computer-setup: + +Computer Setup +============== + +MacOS +----- + +#. Visit your Embassy at its Tor Address. + +#. Navigate to --> Embassy --> Connect Over LAN + + .. figure:: /_static/images/embassy_lan_setup.png + :width: 90% + :alt: LAN setup menu item + + Select the "Connect over LAN" menu item + +#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. + + .. figure:: /_static/images/secure_lan_setup_page.png + :width: 90% + :alt: LAN setup page + + Select the "Root Certificate Authority" sub menu + +#. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded. + + .. figure:: /_static/images/secure_lan_setup_prompt.png + :width: 90% + :alt: LAN setup prompt + + Open with "Keychain Access" and select "OK" + +#. Enter your computer password when prompted. It will be imported into your computer’s keychain. + + .. figure:: /_static/images/ssl/macos/certificate_untrusted.png + :width: 90% + :alt: Keychain access import menu + + Keychain access import menu + +#. If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it. + +#. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”. + +#. Double click on this certificate. A second window will pop up. + +#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”. + + .. figure:: /_static/images/ssl/macos/always_trust.png + :width: 90% + :alt: Keychain submenu + + Select "Always trust" under SSL dropdown for Embassy Local CA + +#. Close this window and enter your password to apply the settings. + +#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access. + + .. figure:: /_static/images/ssl/macos/certificate_trusted.png + :width: 90% + :alt: Keychain menu trusted certificate + + Trusted Embassy Local CA certificate + +#. Open your favorite browser to import this certificate and follow the steps for :ref:`browser setup `. + +Windows +------- + +#. Install `Bonjour Print Services `_ on your Windows machine. This is necessary in order to visit .local addresses on Windows. +#. If you are having issues running Bonjour after installing, you might have had Bonjour previously installed. To fix: + + #. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ + #. Uninstall Bonjour completely via ``system settings -> remove programs`` + #. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US) + #. Restart Windows + #. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings. + +#. Visit your Embassy at its Tor Address. + +#. Navigate to --> Embassy --> Connect Over LAN + + .. figure:: /_static/images/embassy_lan_setup.png + :width: 90% + :alt: LAN setup menu item + + Select the "Connect over LAN" menu item + +#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. + + .. figure:: /_static/images/secure_lan_setup_page.png + :width: 90% + :alt: LAN setup page + + Select the "Root Certificate Authority" sub menu download icon + +#. Select the option to save the *Embassy Local CA.crt* file. + + .. figure:: /_static/images/ssl/windows/windows_download_cert.png + :width: 90% + :alt: LAN setup prompt + + "Save file" when Opening Embassy Local CA.crt + +#. On your computer, right-click the “Start” menu and select “Run”. + +#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run. + + .. figure:: /_static/images/ssl/windows/1_windows_mmc.png + :width: 90% + :alt: Windows MMC + + Access the Windows Management Console + +#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*. + + .. figure:: /_static/images/ssl/windows/2_windows_console_root.png + :width: 90% + :alt: Windows Console Root + + Add Snap-in from Console Root + +#. Select “Certificates” in the left side menu, then “Add”. This will open another window. + + .. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png + :width: 90% + :alt: Add Certificates + + Add Certificates to selected snap-ins + +#. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”. + +#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”. + + .. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png + :width: 90% + :alt: Snap-in Selected + + Certificates (Local Computer) is selected as snap-in + +#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. + + .. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png + :width: 90% + :alt: Certificates in Management Console + + Access Certificates in Management Console + +#. Right click on “Certificates”, then navigate to *All Tasks > Import*. + + .. figure:: /_static/images/ssl/windows/6_windows_import_cert.png + :width: 90% + :alt: Import certificate + + Select "Import" from Certificates sub-menu + +#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”. + + .. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png + :width: 90% + :alt: Import cert wizard + + Add downloaded certificate int he Certificate Import Wizard + +#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. + +#. Select “OK” when the import is successful. + +#. Verify the Embassy Local Root CA certificate is in the “Certificates” folder. + + .. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png + :width: 90% + :alt: Successful cert install + + Embassy Local Root CA imported into Certificate folder + +#. You can save the settings to the console if desired or cancel. + +#. Open your favorite browser to import this certificate and follow the steps for :ref:`browser setup `. + + +Linux +----- + +Nothing specific needs to be configured for this environment. Open your favorite browser to import this certificate and follow the steps for :ref:`browser setup `. diff --git a/source/user-manual/general/lan-setup/desktop.rst b/source/user-manual/general/lan-setup/desktop.rst index ec7fb99..9935392 100644 --- a/source/user-manual/general/lan-setup/desktop.rst +++ b/source/user-manual/general/lan-setup/desktop.rst @@ -1,204 +1,11 @@ -******** +******* Desktop -******** +******* -Operating Systems -================= - -MacOS ------ - -#. Visit your Embassy at its Tor Address. - -#. Navigate to --> Embassy --> Connect Over LAN - - .. figure:: /_static/images/embassy_lan_setup.png - :width: 90% - :alt: LAN setup menu item - - Select the "Connect over LAN" menu item - -#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. - - .. figure:: /_static/images/secure_lan_setup_page.png - :width: 90% - :alt: LAN setup page - - Select the "Root Certificate Authority" sub menu - -#. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded. - - .. figure:: /_static/images/secure_lan_setup_prompt.png - :width: 90% - :alt: LAN setup prompt - - Open with "Keychain Access" and select "OK" - -#. Enter your computer password when prompted. It will be imported into your computer’s keychain. - - .. figure:: /_static/images/ssl/macos/certificate_untrusted.png - :width: 90% - :alt: Keychain access import menu - - Keychain access import menu - -#. If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it. - -#. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”. - -#. Double click on this certificate. A second window will pop up. - -#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”. - - .. figure:: /_static/images/ssl/macos/always_trust.png - :width: 90% - :alt: Keychain submenu - - Select "Always trust" under SSL dropdown for Embassy Local CA - -#. Close this window and enter your password to apply the settings. - -#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access. - - .. figure:: /_static/images/ssl/macos/certificate_trusted.png - :width: 90% - :alt: Keychain menu trusted certificate - - Trusted Embassy Local CA certificate - -#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. - -Windows -------- - -#. Install `Bonjour Print Services `_ on your Windows machine. This is necessary in order to visit .local addresses on Windows. -#. If you are having issues running Bonjour after installing, you might have had Bonjour previously installed. To fix: - - #. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ - #. UNinstall Bonjour completely via ``system settings -> remove programs`` - #. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US) - #. Restart Windows - #. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings. - -#. Visit your Embassy at its Tor Address. - -#. Navigate to --> Embassy --> Connect Over LAN - - .. figure:: /_static/images/embassy_lan_setup.png - :width: 90% - :alt: LAN setup menu item - - Select the "Connect over LAN" menu item - -#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. - - .. figure:: /_static/images/secure_lan_setup_page.png - :width: 90% - :alt: LAN setup page - - Select the "Root Certificate Authority" sub menu download icon - -#. Select the option to save the *Embassy Local CA.crt* file. - - .. figure:: /_static/images/ssl/windows/windows_download_cert.png - :width: 90% - :alt: LAN setup prompt - - "Save file" when Opening Embassy Local CA.crt - -#. On your computer, right-click the “Start” menu and select “Run”. - -#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run. - - .. figure:: /_static/images/ssl/windows/1_windows_mmc.png - :width: 90% - :alt: Windows MMC - - Access the Windows Management Console - -#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*. - - .. figure:: /_static/images/ssl/windows/2_windows_console_root.png - :width: 90% - :alt: Windows Console Root - - Add Snap-in from Console Root - -#. Select “Certificates” in the left side menu, then “Add”. This will open another window. - - .. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png - :width: 90% - :alt: Add Certificates - - Add Certificates to selected snap-ins - -#. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”. - -#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”. - - .. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png - :width: 90% - :alt: Snap-in Selected - - Certificates (Local Computer) is selected as snap-in - -#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. - - .. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png - :width: 90% - :alt: Certificates in Management Console - - Access Certificates in Management Console - -#. Right click on “Certificates”, then navigate to *All Tasks > Import*. - - .. figure:: /_static/images/ssl/windows/6_windows_import_cert.png - :width: 90% - :alt: Import certificate - - Select "Import" from Certificates sub-menu - -#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”. - - .. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png - :width: 90% - :alt: Import cert wizard - - Add downloaded certificate int he Certificate Import Wizard - -#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. - -#. Select “OK” when the import is successful. - -#. Verify the Embassy Local Root CA certificate is in the “Certificates” folder. - - .. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png - :width: 90% - :alt: Successful cert install - - Embassy Local Root CA imported into Certificate folder - -#. You can save the settings to the console if desired or cancel. - -#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. - - -Linux ------ - -Nothing specific needs to be configured for this environment. Follow the guides below to import the certificate into your desired browser. - -Browsers -======== - -Select the browser you would like to configure to import the certificate from your desktop: +Enabling LAN connectivity for desktop involves configuring both your computer and your browser. .. toctree:: - :hidden: + :maxdepth: 1 - browser - -- :ref:`Brave ` -- :ref:`Chrome ` -- :ref:`Firefox ` -- :ref:`Safari ` \ No newline at end of file + Computer Setup + Browser Setup diff --git a/source/user-manual/general/lan-setup/index.rst b/source/user-manual/general/lan-setup/index.rst index ceadd34..6ccdea8 100644 --- a/source/user-manual/general/lan-setup/index.rst +++ b/source/user-manual/general/lan-setup/index.rst @@ -11,5 +11,5 @@ The guides below will walk you through the steps to install and trust your Embas .. toctree:: :maxdepth: 2 - desktop - mobile \ No newline at end of file + Desktop + Mobile