Caution
You are not reading the latest stable version of this documentation. If you want up-to-date information, please have a look at 0.3.5.x.
Complete this guide to download your Start9 server’s Root Certificate Authority (CA), and trust it on your client device (Mac). This allows you to use encrypted https
connections to your .local
(LAN) and .onion
(tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server’s main UI, as well as that of all services.
In your Start9 server’s UI, navigate to System -> LAN
Click Download Root CA and your browser will either automatically save the certificate to your Downloads folder or ask you where to save it:
Among the browser’s downloads, right click your certificate file and select Show in Folder:
Finder will open. Locate your unique adjective-noun.local.crt file in your Downloads folder and double click it to import it into the Keychain Access program. You will be prompted for your macOS username and password, or thumbprint. Then select Modify Keychain:
Press Command + Spacebar to launch a program, type in Keychain Access and select the resulting Keychain Access program to open it.
Your server’s CA certificate will be displayed among the imported certificates in Keychain Access. Right-click on the imported CA cert and select Get Info:
The details of your CA certificate will be displayed in a new dialog window. Expand the Trust heading, then select “Always Trust” on Secure Sockets Layer (SSL) and X.509 Basic Policy.
Click the red (x) button at the top left of the Local Root CA dialog window.
You will then be prompted again for your username and password, or thumbprint. Enter those and click Update Settings:
You will see your server’s CA certificate as trusted now, signified by a blue (+) sign and the CA cert information will now say “This certificate is marked as trusted for all users” in Keychain Access:
Tip
If the keychain console did not show the certificate as trusted, press “Command + spacebar” and type “Keychain Access”, and hit enter to re-open it.
You’re now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the Firefox Config guide, which we highly recommend.