Navigation :

2/5: Installing TLS root certificate authority

Step 2/5: Installing TLS root certificate authority in a web browser for an existing domain name

Web Radio Control configuration for TLS certificate

TLS certificate enables use of a secure, encrypted network connection to the domain name you have chosen to use with your Web Radio Control server.

This document describes use of so called self-signed TLS certificates, which are generated by Web Radio Control by default. Self-signed certificates are not trusted by web browsers by default, which is why you will have to install a TLS root certificate — otherwise the web browser will display a warning message about an untrusted certificate when you try to access Web Radio Control.

An alternative to self-signed certificates is to use a trusted TLS certificate, which is issued by a trusted certificate authority. Trusted TLS certificates are usually not free, but they are trusted by web browsers by default, which means that you will not have to install a TLS root certificate in your web browser. This is a more user-friendly option, because there is no need for the users to install a TLS root certificate in their web browsers when accessing Web Radio Control.

If you wish to use a trusted TLS certificate, please see the using a trusted TLS certificate page.

When using self-signed certificates, you will have to install a TLS root certificate authority in every web browser or mobile device you use to access Web Radio Control. The installation process is described in detail below.

Creating a new self-signed TLS root certificate authority

Form for creating a new self-signed TLS root certificate authority:

Form for creating a new TLS root certificate authority

You will need to create a self-signed TLS root certificate authority approximately once per year. A new TLS certificate is necessary only in case your domain name for Web Radio Control changes or if an existing certificate expires, in which case the web browser will notify you about the expiration.

Type the domain name you chose to use or registered earlier in Dynamic DNS setup in the Domain names text field and press the Create button
- It is possible to use static IP addresses without a domain name by typing the static IP addresses in the IPv4 or IPv6 addresses text field.
Wait until the certificate creation has finished successfully (indicated by a green check mark icon)

Installing the TLS root certificate authority in a web browser

Link for downloading and installing a new TLS root certificate authority in the web browser:

Choose the type of the browser or device you use: Firefox / Chrome / Android or Apple Safari (Mac) / iPhone / iPad
Download the TLS root certificate authority file by clicking the link Install/download root certificate authority
Follow the web browser-specific instructions:
- Computer (Mac/Windows/Linux):
  - Firefox:
    
    Installing certificate authority in Firefox on Windows
    
    Installing certificate authority in Firefox on Linux
  - Chrome:
    
    Installing certificate authority in Chrome on Windows
    
    Installing certificate authority in Chrome on Linux
- Android phone or tablet: Both Firefox and Chrome browsers will automatically ask for permission to install the certificate
- iPhone/iPad (iOS): The only supported web browser is Safari and the browser will automatically ask for permission to install the certificate. After installing the certificate, you will also need to activate the certificate (also called a "profile" by Apple) in iOS settings menu Settings > General > About > Certificate Trust Settings. Activate the new certificate listed under the title Enable full trust for root certificates Apple’s original instructions for activating certificates are available here: https://support.apple.com/en-us/HT204477

Click the Next button to continue to the next step in the Web Radio Control configuration process.