Menu

Caution

You are not reading the latest stable version of this documentation. If you want up-to-date information, please have a look at 0.3.5.x.

Trusting Your Start9 CA on Linux

Complete this guide to download your Start9 server’s Root Certificate Authority (CA), and trust it on your client device (Windows). This allows you to use encrypted https connections to your .local (LAN) and .onion (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server’s main UI, as well as that of all services.

Caution

If you cannot connect following this guide, you may be using an application (such as Firefox) that is installed in a jailed environment, such as an appimage, flatpak, or snap. Please try an alternate install method if so.

Download Root CA

First, download your Start9 server’s Root CA, if you have not already.

  • Navigate to System -> Root CA, then click “Download Root CA”.

    Navigate to System > Root CA

Alternatively, you can download to another machine, then transfer the file to your device.

Trust Root CA

These instructions will work for most Debian-based Linux distributions, such as Debian, Linux Mint, PopOS, Ubuntu, etc.

  1. Perform the following commands in the Terminal:

    sudo apt update
    sudo apt install -y ca-certificates p11-kit
    
  2. Change directory into the folder where you downloaded your StartOS server’s Root CA (usually ~/Downloads), and run the following commands to add your Start9 server’s CA certificate to the OS trust store:

    Caution

    Be careful to replace adjective-noun with your server’s unique hostname in the 3rd and 4th commands below!

    cd ~/Downloads
    sudo mkdir -p /usr/share/ca-certificates/start9
    sudo cp adjective-noun.local.crt /usr/share/ca-certificates/start9/
    sudo bash -c "echo 'start9/adjective-noun.local.crt' >> /etc/ca-certificates.conf"
    sudo update-ca-certificates
    

In the output it should say 1 added if it was successful. For most applications, you will now be able to securely connect via https. We highly recommend continuing on to our Configuring Firefox guide.

You’re now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the Firefox Config guide, which we highly recommend.