Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-03-26 02:11:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3bad4b440bc207584bbcf9629ed08258298343e9
documentation/site/source/device-guides/mac/ca-mac.rst
Matt Hill 3bad4b440b rework ca trusting flow (#547) 
* rework ca trusting flow

* abstract firefox guides for ca and tor

* remove uneeded package.lock

* fix references, update submodule

* clean up
2023-11-19 11:26:58 -07:00

55 lines
2.7 KiB
ReStructuredText
Raw Blame History

.. _ca-mac:
============================
Trusting Your Root CA on Mac
============================
Complete this guide to trust your server's Root Certificate Authority (Root CA) on Mac.
#. Ensure you have :ref:`downloaded your Root CA <root-ca-download>`
#. Locate your downloaded Root CA. Right click it and select *Show in Folder*:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-3-show_in_folder.png
:width: 60%
:alt: Show certificate file in Downloads folder
#. Finder will open. Locate your unique `adjective-noun.local.crt` file in your *Downloads* folder and double click it to import it into the *Keychain Access* program. You will be prompted for your macOS username and password, or thumbprint. Then select *Modify Keychain*:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-4-modify_keychain.png
:width: 60%
#. Press Command + Spacebar to launch a program, type in *Keychain Access* and select the resulting *Keychain Access* program to open it.
.. figure:: /_static/images/ssl/macos/trust-cert-macos-4.5-keychain_access.png
:width: 60%
#. Your server's CA certificate will be displayed among the imported certificates in Keychain Access. Right-click on the imported CA cert and select *Get Info*:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-5-cert-get_info.png
:width: 60%
:alt: Keychain Access - Get Info of CA Certificate
#. The details of your CA certificate will be displayed in a new dialog window. Expand the **Trust** heading, then select "**Always Trust**" on **Secure Sockets Layer (SSL)** and **X.509 Basic Policy**.
.. figure:: /_static/images/ssl/macos/trust-cert-macos-6-ssl_tls-always_trust.png
:width: 60%
:alt: Trust CA Certificate
Click the red (x) button at the top left of the Local Root CA dialog window.
#. You will then be prompted again for your username and password, or thumbprint. Enter those and click **Update Settings**:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-7-password-update_settings.png
:width: 60%
:alt: Authenticate to change the settings
#. You will see your server's CA certificate as trusted now, signified by a blue (+) sign and the CA cert information will now say "This certificate is marked as trusted for all users" in Keychain Access:
.. figure:: /_static/images/ssl/macos/trust-cert-macos-8-cert_trusted.png
:width: 60%
:alt: Keychain submenu
.. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it.
#. If using Firefox (recommended), complete :ref:`this final step <ca-ff>`
Reference in New Issue View Git Blame Copy Permalink