X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/cb9f22b9dd8859cddcbf844352ad83cff1b7194a..05094973696294e4d9effe87b9e9e45b06d89835:/doc/_includes/_install_ca_cert.liquid diff --git a/doc/_includes/_install_ca_cert.liquid b/doc/_includes/_install_ca_cert.liquid index 522a63a032..a886a62dbd 100644 --- a/doc/_includes/_install_ca_cert.liquid +++ b/doc/_includes/_install_ca_cert.liquid @@ -4,14 +4,6 @@ Copyright (C) The Arvados Authors. All rights reserved. SPDX-License-Identifier: CC-BY-SA-3.0 {% endcomment %} -h2(#ca_root_certificate). Install the CA root certificate (SSL_MODE=self-signed only) - -*If you are not using self-signed certificates (you selected SSL_MODE=lets-encrypt or SSL_MODE=bring-your-own), skip this section.* - -Arvados uses SSL to encrypt communications. The web interface uses AJAX which will silently fail if the certificate is not valid or signed by an unknown Certification Authority. - -For this reason, the @arvados-formula@ has a helper state to create a root certificate to authorize Arvados services. The @provision.sh@ script will leave a copy of the generated CA's certificate (@arvados-snakeoil-ca.pem@) in the script's directory so you can add it to your workstation. - h3. Web Browser Installing the root certificate into your web browser will prevent security errors when accessing Arvados services with your web browser. @@ -21,7 +13,7 @@ h4. Chrome # Go to "Settings → Privacy and Security → Security → Manage Certificates" or enter @chrome://settings/certificates@ in the URL bar. # *Click on the "Authorities" tab* (it is not selected by default) # Click on the "Import" button -# Choose @arvados-snakeoil-ca.pem@ +# Choose @{{ca_cert_name}}@ # Tick the checkbox next to "Trust this certificate for identifying websites" # Hit OK # The certificate should appear in the list of Authorities under "Arvados" @@ -33,14 +25,14 @@ h4. Firefox # Click on the button "View Certificates...". # Make sure the "Authorities" tab is selected # Press the "Import..." button. -# Choose @arvados-snakeoil-ca.pem@ +# Choose @{{ca_cert_name}}@ # Tick the checkbox next to "Trust this CA to identify websites" # Hit OK # The certificate should appear in the list of Authorities under "Arvados" h4. Other browsers (Safari, etc) -The process will be similar to that of Chrome and Firefox, but the exact user interface will be different. If you can't figure it out, try searching for "how do I install a custom certificate authority in ". +The process will be similar to that of Chrome and Firefox, but the exact user interface will be different. If you can't figure it out, try searching for "how do I install a custom certificate authority in (my browser)". h3. Installation on Linux OS certificate storage @@ -51,15 +43,15 @@ h4. Debian/Ubuntu *Important* the certificate file added to @ca-certificates@ must have the extension @.crt@ or it won't be recognized. -
cp arvados-snakeoil-ca.pem /usr/local/share/ca-certificates/arvados-snakeoil-ca.crt
+
cp {{ca_cert_name}} /usr/local/share/ca-certificates/arvados-snakeoil-ca.crt
 /usr/sbin/update-ca-certificates
 

 
 
-h4. CentOS
+h4. Alma/CentOS/Red Hat/Rocky
 
 
-
cp arvados-snakeoil-ca.pem /etc/pki/ca-trust/source/anchors/
+
cp {{ca_cert_name}} /etc/pki/ca-trust/source/anchors/
 /usr/bin/update-ca-trust