Secure Browsing¶
Trusting a Self-Signed Certificate in Your Browser¶
AirStack Edge uses self-signed SSL/TLS certificates for secure communication unless a user provides their own certificates. By default, browsers do not trust self-signed certificates because they cannot verify the identity of the server. While the connection is encrypted you may see warnings like Your connection is not private and have to click through an error page.
This note explains how to configure your browser to trust a self-signed certificate after transferring it to your client device from your AirStack Edge Instance.
Step 1: Obtain the Certificate¶
- Export the certificate from your Edge device likely in /etc/airstack-edge/certs.
- Save it to your local device in .pem format.
Step 2: Add the Certificate to Your Browser¶
Chrome / Edge (Windows)¶
* Open Settings → Privacy and Security → Security → Manage Certificates.
* Switch to the Trusted Root Certification Authorities tab.
* Click Import.
* In the file dialog, select All Files (*.*) to see your .pem file.
* Select the .pem certificate and follow the prompts to add it.
* Restart the browser.
Chrome / Edge (macOS)¶
* Double-click the .pem file. Keychain Access will open.
* Add the certificate to the System keychain.
* Set Trust → When using this certificate → Always Trust.
* Restart the browser.
Firefox (Windows / macOS / Linux)¶
* Open Settings → Privacy & Security → Certificates → View Certificates.
* Click Import.
* Select your .pem file.
* Check Trust this CA to identify websites.
* Click OK.
* Restart Firefox.
Safari (macOS)¶
* Double-click the .pem file. Keychain Access will open.
* Select the System keychain and add the certificate.
* Set Trust → When using this certificate → Always Trust.
* Close Keychain Access.
Cross-Origin Resource Sharing¶
CORS (Cross-Origin Resource Sharing) is a browser security feature that restricts web pages from making requests to a different domain than the one that served the page.
Allowed origins are the URLs that your server will permit to make cross-origin requests. Requests from origins not in the allowed list will be blocked by the browser. By default AirStack Edge does not add any origins to the CORS allowed origins list. If your client application requires this access, it can be added in /etc/airstack-edge/server.toml. Update the allowed-origins application setting list to include your origin and the service will automatically restart to configure this change. For example:
allowed_origins = ["http://my_ip_address:3000"]
Note: Although it is not recommended you can optionally update the list to allow all CORS origins by setting it to:
allowed_origins = ["*"]