{% comment %}
Copyright (C) The Arvados Authors. All rights reserved.
SPDX-License-Identifier: CC-BY-SA-3.0
{% endcomment %}
h3. Web Browser
Installing the root certificate into your web browser will prevent security errors when accessing Arvados services with your web browser.
h4. Chrome
# Go to "Settings → Privacy and Security → Security → Manage Certificates" or enter @chrome://settings/certificates@ in the URL bar.
# *Click on the "Authorities" tab* (it is not selected by default)
# Click on the "Import" button
# Choose @{{ca_cert_name}}@
# Tick the checkbox next to "Trust this certificate for identifying websites"
# Hit OK
# The certificate should appear in the list of Authorities under "Arvados"
h4. Firefox
# Go to "Preferences → Privacy & Security" or enter @about:preferences#privacy@ in the URL bar
# Scroll down to the *Certificates* section
# Click on the button "View Certificates...".
# Make sure the "Authorities" tab is selected
# Press the "Import..." button.
# Choose @{{ca_cert_name}}@
# Tick the checkbox next to "Trust this CA to identify websites"
# Hit OK
# The certificate should appear in the list of Authorities under "Arvados"
h4. Other browsers (Safari, etc)
The process will be similar to that of Chrome and Firefox, but the exact user interface will be different. If you can't figure it out, try searching for "how do I install a custom certificate authority in (my browser)".
h3. Installation on Linux OS certificate storage
To access your Arvados instance using command line clients (such as @arv-get@ and @arv-put@) without security errors, install the certificate into the OS certificate storage.
h4. Debian/Ubuntu
*Important* the certificate file added to @ca-certificates@ must have the extension @.crt@ or it won't be recognized.
cp {{ca_cert_name}} /usr/local/share/ca-certificates/arvados-snakeoil-ca.crt
/usr/sbin/update-ca-certificates
h4. Alma/CentOS/Red Hat/Rocky
cp {{ca_cert_name}} /etc/pki/ca-trust/source/anchors/
/usr/bin/update-ca-trust