docs: update instructions to include SSL/TLS support (#10)

* docs: update setup instructions to include SSL/TLS support - Updated setup.md to include steps for generating and using SSL certificates - Detailed the process for adding SSL certificates to the device - Provided a note on the need to add the certificate each time a new one is generated docs: Update SSL/TLS support documentation - Updated documentation to clarify that installing the SSL certificate is only necessary for external access - Updated the instructions for adding the certificate to trusted certificates on various operating systems docs:Updated retrieval steps for the certificate * chore: update min required rust version to 1.80 (#11) Signed-off-by: Matej Vukosav <[email protected]> * chore: add manifesto (#12) Signed-off-by: Suulee16 <[email protected]> * 03-manifesto.mdx (#13) Edited formatting mistakes Signed-off-by: Suulee16 <[email protected]> --------- Signed-off-by: Matej Vukosav <[email protected]> Signed-off-by: Suulee16 <[email protected]> Co-authored-by: Matej Vukosav <[email protected]> Co-authored-by: Suulee16 <[email protected]>
calimero-network · Aug 12, 2024 · 49b7733 · 49b7733
1 parent 3003b9b
commit 49b7733
Showing 1 changed file with 53 additions and 3 deletions.
diff --git a/docs/03-getting-started/01-setup.mdx b/docs/03-getting-started/01-setup.mdx
@@ -50,7 +50,57 @@ cargo run -p meroctl -- --node-name node1 --home data run
 
 Node is now initialized and ready for use.
 
-### Congratulations on setting up your node!
+### SSL/TLS Support
 
-Your next step is to add an authentication mechanism to your node by adding a
-decentralized identity.
+To be able to access the the node from external source on the same network you will need to install the generated self-signed certificate.
+
+> **_NOTE:_** Installing the SSL certificate is only necessary if you plan to access the node from an external source on the same network. If you are running the application locally, you do not need to install the certificate.
+
+### Steps to Add the Certificate to Your Device
+
+1. **Locate the Certificate**:
+    - Download the certificate from `http://localhost:<server-port>/admin-api/certificate`.
+    - The `<server-port>` is the port number used as an argument in the `--server-port` flag in the section [Initialize and start your node (separate terminal)](#initialize-and-start-your-node-separate-terminal).
+    - For example:
+    \`\`\`bash
+    http://localhost:2428/admin-api/certificate
+    \`\`\`
+
+2. **Add the Certificate to Trusted Certificates**:
+
+   - **For Windows**:
+     1. Open the `Run` dialog (Win + R) and type `mmc` to open the Microsoft Management Console.
+     2. Go to `File` -> `Add/Remove Snap-in...`.
+     3. Select `Certificates` and click `Add`.
+     4. Choose `Computer account`, then `Next` and `Finish`.
+     5. Expand `Certificates (Local Computer)` -> `Trusted Root Certification Authorities`.
+     6. Right-click `Certificates`, then `All Tasks` -> `Import...`.
+     7. Follow the prompts to import the certificate file.
+
+   - **For macOS**:
+     1. Double-click the certificate file.
+     2. This will open the `Keychain Access` application.
+     3. Choose `System` from the list of keychains.
+     4. Drag and drop the certificate into the `System` keychain.
+     5. Authenticate with your administrator password if prompted.
+     6. Right-click the certificate and select `Get Info`.
+     7. Expand the `Trust` section and select `Always Trust` from the `When using this certificate` dropdown.
+
+   - **For Linux**:
+     1. Copy the certificate to `/usr/local/share/ca-certificates/` (or `/etc/pki/ca-trust/source/anchors/` depending on your distribution).
+     2. Run `sudo update-ca-certificates` (or `sudo update-ca-trust extract` for Red Hat-based distributions).
+
+3. **Restart Your Browser**:
+   - Close and reopen your web browser to ensure it recognizes the newly added certificate.
+
+### Rules for Generating SSL Certificates
+
+- If a certificate doesn't exist, a new one will be generated based on your current local IP address.
+- If a certificate exists for the current IP address, it will be used.
+- If a certificate exists but is not configured for the current IP address, a new certificate will be created.
+
+> **_NOTE:_** Every time a new certificate is generated (e.g., on the first start of the server or when the IP address changes), you will need to add it to your device's trusted certificates.
+
+### Congratulations on Setting Up Your Node!
+
+Your next step is to add an authentication mechanism to your node by adding a decentralized identity.