Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-03-26 10:21:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a71ff64314223a6323f2a97d0f420ded70c42eaa
documentation/site/source/guides/device-guides/dg-linux/lan-linux.rst
gStart9 a71ff64314 Update Download Root CA screens/guide language (#466) 
* Update Download Root CA screens/guide language

* One more language change

* self-signed > Root CA-signed language

* One mo' language change
2023-08-10 21:55:18 -06:00

84 lines
4.0 KiB
ReStructuredText
Raw Blame History

.. _lan-linux:
================================
Trusting Your Start9 CA on Linux
================================
Complete this guide to download your Start9 server's Root Certificate Authority (CA), and trust it on your client device (Windows). This allows you to use encrypted ``https`` connections to your ``.local`` (LAN) and ``.onion`` (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server's main UI, as well as that of all services.
.. caution:: If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.
Download Root CA
----------------
First, download your Start9 server's Root CA, if you have not already.
- Navigate to **System** -> **Root CA**, then click "Download Root CA".
.. figure:: /_static/images/ssl/lan_setup.png
:width: 40%
:alt: Navigate to System > Root CA
Alternatively, you can download to another machine, then transfer the file to your device.
Trust Root CA
-------------
.. tabs::
.. group-tab:: Debian/Ubuntu
These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.
#. Perform the following commands in the Terminal:
.. code-block:: bash
sudo apt update
sudo apt install -y ca-certificates p11-kit
#. Move into the folder where you downloaded your Start9 server's Root CA (usually ``~/Downloads``), and run the following commands to add your Start9 server's CA certificate to the OS trust store:
.. caution:: BE CERTAIN to replace ``adjective-noun`` with your server's unique hostname in the 3rd and 4th commands below!
.. code-block:: bash
cd ~/Downloads
sudo mkdir -p /usr/share/ca-certificates/start9
sudo cp "adjective-noun.local.crt" /usr/share/ca-certificates/start9/
sudo bash -c "echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf"
sudo update-ca-certificates
In the output it should say ``1 added`` if it was successful. For most applications, you will now be able to securely connect via ``https``. We highly recommend continuing on to our :ref:`Configuring Firefox <ff-linux>` guide.
.. group-tab:: Arch/Garuda
From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo pacman -S ca-certificates
sudo cp "<custom-address>.crt" /etc/ca-certificates/trust-source/anchors/
sudo update-ca-trust
Despite no output from the last command, you can test your app right away.
.. group-tab:: CentOS/Fedora
First, ensure mDNS resolution is turned on so you can reach your server:
Ensure ``MulticastDNS=Yes`` is set in /etc/systemd/resolved.conf and then restart systemd-resolved:
.. code-block:: bash
sudo systemctl restart systemd-resolved
Trust your server's CA certificate:
From the folder you have downloaded your Start9 server's Root CA, run the following commands (if you have changed the certificate's filename, be sure to change it here):
.. code-block:: bash
sudo yum install ca-certificates
sudo cp "<custom-address>.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the :ref:`Firefox Config <lan-ff>` guide, which we highly recommend.
Reference in New Issue View Git Blame Copy Permalink