
Caution

You are not reading the latest stable version of this documentation. If you want up-to-date information, please have a look at 0.3.5.x.

Trusting Your Start9 CA On Windows

Complete this guide to download your Start9 server’s Root Certificate Authority (CA) and trust it on your client device (Windows). Trusting the Root CA lets you use encrypted HTTPS connections to your .local (LAN) and .onion (Tor) server addresses, lets you access services on LAN, and enhances performance on Tor. The Root CA was created by your server when you performed the initial setup, and it signs the certificate of your server’s main UI, as well as those of all services.

Unfortunately, Windows does not have built-in mDNS alias support, which is necessary to visit .local addresses for any service you install on your Start9 server, so we recommend using the Bonjour service. Check out this FAQ answer for details.

Note

Some users who run through the following instructions have successfully connected to their LAN services, only to have them stop working weeks or months later. We believe these issues to be due to changes in Windows. When this happens, the fix is to simply reinstall Bonjour and Bonjour Print Services. A solution is being worked on and Bonjour will not be necessary to connect to your Start9 server for much longer.

Install Bonjour

  1. Install Bonjour Print Services on your Windows machine.

    Tip

    If you are still experiencing issues after installing Bonjour, you might have a faulty install.

    In that case, run through the known fix:

    1. Uninstall Bonjour and Bonjour Print Services completely via System Settings > Remove Programs

      Note: Uninstalling Bonjour via the Bonjour Print Services setup package itself is not enough to solve the issue. Bonjour must be uninstalled via Windows’ System Settings menu.

    2. Install the Bonjour Print Services package from Apple:

      https://support.apple.com/kb/DL999

    3. Test to see if your .local name resolution issue is resolved. If not, restart Windows and then test again.

Download Root CA

Download your Start9 server’s Root CA, if you have not already.

  • Navigate to System -> Root CA, then click “Download Root CA”.

    Navigate to System > Root CA

Alternatively, you can download the Root CA to another machine, then transfer the file to your client device.

Trust Root CA

  1. Back in Windows, click the “Start” menu, type “mmc”, and select “Run as administrator” to access the Windows Management Console.

    Windows MMC

    When prompted with the “User Account Control” window, select “Yes” to allow this program to run.

  2. When the Management Console opens, navigate to File > Add/Remove Snap-in.

    Windows Console Root
  3. Select “Certificates” in the left side menu, then “Add”. This will open another window.

    Add Certificates
  4. Select “Computer account” and click “Next”. Leave defaulted options on the next screen and click “Finish”.

    Add Snap-in
  5. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.

    Snap-in Selected
  6. In the left-hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.

    Certificates in Management Console
  7. Right-click on the “Certificates” directory, then navigate to All Tasks > Import.

    Import certificate
  8. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and open it. Then click “Next”.

    Import cert wizard
  9. On the “Certificate Store” window, ensure that it says “Trusted Root Certification Authorities” and click “Next”. Then click “Finish” on the final screen.

    Import cert wizard
  10. Select “OK” when the import is successful.

    Import success!
  11. Verify your server’s unique <adjective-noun> Local Root CA certificate is in the “Certificates” folder:

    Successful cert install
  12. You can save the console settings (where we added a snap-in), if desired. The CA certificate will remain imported to the CA certificate store either way, and you will likely use this guide if you need to import a new certificate.

    Console settings
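The check in step 11 can also be done from a PowerShell prompt. The script below is an added example, not part of the Start9 documentation; the default file path is a placeholder assumption for wherever you saved the download. It only reads the file and the certificate stores and changes nothing.

```powershell
# Added example: read-only check of the downloaded Root CA and the Windows stores.
# The default path is a placeholder (assumption); pass -CertPath for your actual download.
param(
    [string]$CertPath = "$env:USERPROFILE\Downloads\root-ca.crt"
)
$ErrorActionPreference = 'Stop'

# Parse the file without installing anything.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# SHA-256 fingerprint of the DER-encoded certificate, for comparison with a copy
# obtained another way (for example, downloaded on a second machine).
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$fingerprint = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ':'
$sha256.Dispose()

# A root CA should be self-issued and carry basicConstraints CA=TRUE.
$basic = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
$isCa = [bool]($basic -and $basic.CertificateAuthority)
$selfIssued = $cert.Subject -eq $cert.Issuer

# Look for the same certificate (by thumbprint) in the store the guide imports into.
# The CurrentUser view also lists machine roots, so "user only" means it is
# visible there but missing from LocalMachine ("My user account" was picked in step 4).
$inMachineRoot = [bool](Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint })
$inUserOnly = -not $inMachineRoot -and [bool](Get-ChildItem Cert:\CurrentUser\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint })

[pscustomobject]@{
    Subject               = $cert.Subject
    NameMatchesGuide      = $cert.Subject -like '*Local Root CA*'
    NotAfter              = $cert.NotAfter
    Sha256Fingerprint     = $fingerprint
    IsCA                  = $isCa
    SelfIssued            = $selfIssued
    InLocalMachineRoot    = $inMachineRoot
    InCurrentUserRootOnly = $inUserOnly
} | Format-List

if (-not ($isCa -and $selfIssued)) {
    Write-Warning 'The file does not look like a root CA certificate.'
}
if (-not $inMachineRoot) {
    Write-Warning 'Not found in Local Computer > Trusted Root Certification Authorities.'
}
```

Reading the stores does not require an elevated prompt; only the import in steps 7 to 10 does.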

You’re now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the Firefox Config guide, which we highly recommend.