Merge branch 'master' into PD-1601-update-docs-for-new-versioned-api
micjohnson777 authored Jan 28, 2025
2 parents 888a5fb + cefa503 commit fdf90fd
Showing 26 changed files with 121 additions and 74 deletions.
5 changes: 2 additions & 3 deletions content/SCALE/GettingStarted/SCALEReleaseNotes.md
Expand Up @@ -84,8 +84,6 @@ More details are available from [Software Releases]({{< relref "/TrueNASUpgrades
### Upgrade Paths (Anticipated)
<!--
{{< include file="/static/includes/25.04UpgradeMethods.md" >}}
See the <a href="https://www.truenas.com/software-status/" target="_blank">TrueNAS Software Status</a> page for recommendations about which software version to use based on your user type.
-->

{{< include file="/static/includes/SCALEUpgradePaths.md" >}}
Expand Down Expand Up @@ -113,7 +111,8 @@ Enterprise customers should [contact Support](https://www.truenas.com/docs/scale
-->

## Component Versions
Click the component version number to see the latest release notes for that component.
Component version numbers below are updated to reflect the latest TrueNAS 24.05 release.
Click the component version number to see release notes for that component.

{{< truetable >}}
| Component | Version |
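Review bot: The added sentence "Component version numbers below are updated to reflect the latest TrueNAS 24.05 release." names 24.05, while the upgrade-path include earlier in this same file is 25.04UpgradeMethods.md. If 24.05 is a transposition of 25.04, correct it; better still, avoid hard-coding the release number in this sentence so it cannot drift from the table it introduces.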
Expand Down
Expand Up @@ -13,26 +13,30 @@ keywords:

The **Certificate Authorities** widget lets users set up a certificate authority (CA) that certifies the ownership of a public key by the named subject of the certificate.

{{< trueimage src="/images/SCALE/Credentials/AddCertificateAuthorityScreen.png" alt="Add Certificate Authority Screen" id="Add Certificate Authority Screen" >}}

To add a new CA:

First, add the name and select the type of CA.
The **Identifier and Type** step lets users name the CA and choose whether to create a new CA or import an existing CA.
Users can also select a predefined certificate extension from the **Profiles** drop-down list.

Users can check **Add To Trusted Store** to add the CA to the TrueNAS trusted certificate store. Services on TrueNAS automatically recognize and trust CAs when you enable this option. This feature simplifies certificate management for environments with multiple services relying on the same CA, reducing repeated manual configuration. Users with strict certificate management requirements or a preference for manually controlling trusted CAs may benefit from leaving this option disabled.

Next, enter the certificate options. Select the key type. The **Key Type** selection changes the settings displayed.
The **Certificate Options** step provides options for choosing what type of private key to use (as well as the number of bits in the key used by the cryptographic algorithm), the cryptographic algorithm the CA uses, and how many days the CA lasts.

Now enter the certificate subject information.
The **Certificate Subject** step lets users define the location, name, and email for the organization using the certificate.
The **Certificate Subject** step lets users define the location, name, and email of the organization using the certificate.
Users can also enter the system [fully-qualified hostname (FQDN)](https://kb.iu.edu/d/aiuv) and any additional domains for multi-domain support.

Lastly, enter any extra constraints you need for your scenario.
The **Extra Constraints** step contains certificate extension options.

* **Basic Constraints** when enabled this limits the path length for a certificate chain.
* **Authority Key Identifier** when enable provides a means of identifying the public key corresponding to the private key used to sign a certificate.
* **Basic Constraints** limits the path length for a certificate chain.
* **Authority Key Identifier** provides a means of identifying the public key corresponding to the private key used to sign a certificate.
* **Key Usage** when enabled defines the purpose of the public key contained in a certificate.
* **Extended Key Usage** when enabled it further refines key usage extensions.
* **Extended Key Usage** further refines key usage extensions.

Review the CA options. If you want to change something Click **Back** to reach the screen with the setting option you want to change, then click **Next** to advance to the **Confirm Options** step.

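Review bot: The new **Add To Trusted Store** paragraph presents the option mainly as a convenience and leaves the trust consequence implicit. Since "Services on TrueNAS automatically recognize and trust CAs when you enable this option", state plainly that certificates issued under that CA are then accepted by those services, and recommend enabling it only for CAs the administrator controls, ahead of the sentence about leaving it disabled. Separately, the **Key Usage** bullet still reads "when enabled defines" while the three rewritten bullets around it dropped that phrasing.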
Expand Down
Expand Up @@ -29,7 +29,7 @@ Cloud sync tasks allow for single-time transfers or recurring transfers on a sch
Using the cloud means data can go to a third-party commercial vendor not directly affiliated with iXsystems.
You should fully understand vendor pricing policies and services before using them for cloud sync tasks.

iXsystems is not responsible for any charges incurred from using third-party vendors with the cloud sync feature.
iXsystems is not responsible for any charges incurred using third-party vendors with the cloud sync feature.
{{< /hint >}}

## Cloud Sync Task Requirements
Expand All @@ -49,18 +49,18 @@ The option to encrypt data transferred to or from a cloud storage provider is av

Select **Remote Encryption** to use [rclone crypt](https://rclone.org/crypt/) encryption during pull and push transfers.
With **Pull** selected as the **Transfer Direction**, the **Remote Encryption** decrypts files stored on the remote system before the transfer.
This requires entering the same password used to encrypt data in both **Encryption Password** and **Encryption Salt**.
This requires entering the same password to encrypt data in both **Encryption Password** and **Encryption Salt**.

With **Push** selected as the **Transfer Direction**, data is encrypted before it is transferred and stored on the remote system.
This also requires entering the same password used to encrypt data in both **Encryption Password** and **Encryption Salt**.
This also requires entering the same password to encrypt data in both **Encryption Password** and **Encryption Salt**.

{{< include file="/static/includes/FilenameEncryption.md" >}}

When **Filename Encryption** is selected, transfers encrypt and decrypt file names with the rclone [Standard file name encryption mode](https://rclone.org/crypt//#file-name-encryption-modes).
When selecting **Filename Encryption** transfers encrypt and decrypt file names with the rclone [Standard file name encryption mode](https://rclone.org/crypt//#file-name-encryption-modes).
The original directory structure of the files is preserved.
When disabled, encryption does not hide file names or directory structure, file names can be 246 characters long, use sub-paths, and copy single files.
When enabled, file names are encrypted, file names are limited to 143 characters, directory structure is visible, and files with identical names have identical uploaded names.
File names can use sub-paths, single copy files, and shortcuts to shorten the directory recursion.
When enabled, file names are encrypted, file names are limited to 143 characters, the directory structure is visible, and files with identical names have identical uploaded names.
File names can use sub-paths, single-copy files, and shortcuts to shorten the directory recursion.

### Troubleshooting Transfer Mode Problems
**Sync** keeps all the files identical between the two storage locations.
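Review bot: Dropping "used" in the **Pull** paragraph changes the meaning: "entering the same password to encrypt data" no longer says that decryption needs the password the data was originally encrypted with, and a pull does not encrypt anything. Keep "the same password used to encrypt data" at least in the Pull sentence. Two smaller points in the same hunk: "When selecting **Filename Encryption** transfers encrypt" needs a comma or the earlier "is selected," wording, and "single-copy files" no longer matches "copy single files" in the disabled case just above it.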
Expand Down
22 changes: 21 additions & 1 deletion content/SCALE/SCALETutorials/SystemSettings/Advanced/_index.md
Expand Up @@ -70,7 +70,7 @@ It also stores Samba4 metadata, such as the user and group cache and share-level

If the system has one pool, TrueNAS configures that pool as the system dataset pool.
If your system has more than one pool, you can set the system dataset pool using the **Select Pool** dropdown.
Users can move the system dataset to an unencrypted pool or a key-encrypted pool.
Users can move the system dataset to an unencrypted or key-encrypted pool.

![SystemDatasetPoolConfigScreen](/images/SCALE/SystemSettings/SystemStorageConfigScreen.png "TrueNAS Advanced Settings System Dataset Pool Screen")

Expand Down Expand Up @@ -101,6 +101,26 @@ Entering an IP address limits access to the system to only the address(es) enter

<div class="noprint">

## Setting Up FIPS and STIG
{{< enterprise >}}
Only Enterprise-licensed systems show the **Security** widget and have access to FIPS and STIG settings.
{{< /enterprise >}}

To configure FIPS or STIG compliance on a TrueNAS server, you must first configure two-factor authentication for an admin user with full permissions.

After configuring two-factor authentication, go to **System > Advanced Settings** and locate the **Security** widget.

Click **Settings** to open the **System Security** configuration screen.

![SystemSecurityScreen](/images/SCALE/SystemSettings/SystemSecurityScreen.png "System Security Screen")

Select the toggle to enable FIPS and STIG, then click **Save**. You must enable FIPS with STIG!
The system prompts you to reboot.

![SecurityFIPSSTIGRebootDialog](/images/SCALE/SystemSettings/SecurityFIPSSTIGRebootDialog.png "Reboot Require Dialog")

The system reboot takes several minutes to complete before showing the login screen.

## Contents

{{< children depth="2" description="true" >}}
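Review bot: The step "Select the toggle to enable FIPS and STIG, then click **Save**. You must enable FIPS with STIG!" does not say whether the screen has one toggle or two, or which setting depends on the other. Spell out the dependency (for example, which toggle must be on before the other can be saved) and drop the exclamation mark. The new section also lands directly after `<div class="noprint">`, so it sits inside that div together with **Contents**; move it above the div if it is meant to appear in printed output. The image title "Reboot Require Dialog" should read "Reboot Required Dialog".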
Expand Down
Expand Up @@ -8,7 +8,7 @@ tags:
- certificates
---

The **Certificate Authorities** widget on the **Credentials > Certificates** screen displays certificate authorities(CAs) added to TrueNAS, and allows you to add new CAs, or download, delete, or edit the name of an existing CA.
The **Certificate Authorities** widget on the **Credentials > Certificates** screen displays certificate authorities(CAs) added to TrueNAS and allows you to add new CAs, or download, delete, or edit the name of an existing CA.

![CertificateAuthoritiesWidgetNoCAs](/images/SCALE/Credentials/CertificateAuthoritiesWidgetNoCAs.png "Certificate Authorities Widget No CAs")

Expand All @@ -21,6 +21,7 @@ Each CA listed on the widget is a link that opens the **Edit CA** screen.
**Add** opens the **[Add CA](#add-ca-wizard-screens)** wizard that steps you through setting up a certificate authority (CA) that certifies the ownership of a public key by the named subject of the certificate.

## Add CA Wizard Screens

The **Add CA** wizard screens step users through configuring a new certificate authority on TrueNAS.
The wizard has five different configuration screens, one for each step in the CA configuration process:

Expand Down Expand Up @@ -48,6 +49,7 @@ The selection in **Type** changes setting options on this screen, the **Certific
| **Name** | Required. Enter a descriptive identifier for this certificate authority(CA). |
| **Type** | Select the type of CA from the dropdown list. Options are **Internal CA**, **Intermediate CA**, and **Import CA**. **Internal CA** functions like a publicly trusted CA to sign certificates for an internal network. They are not trusted outside the private network. **Intermediate CA** lives between the root and end entity certificates and its main purpose is to define and authorize the types of certificates you can request from the root CA. **Import CA** allows you to import an existing CA onto the system. For more information see [What are Subordinate CAs and Why Would You Want Your Own?](https://www.globalsign.com/en/blog/what-is-an-intermediate-or-subordinate-certificate-authority). |
| **Profiles** | Displays if **Internal CA** or **Intermediate CA** are set in **Type**. Select a predefined certificate extension from the dropdown list. |
| **Add To Trusted Store** | Check this option if you want to add the CA to the TrueNAS trusted certificate store. Services on TrueNAS automatically trust CAs with this option enabled. |
{{< /truetable >}}
{{< /expand >}}

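Review bot: The new **Add To Trusted Store** row does not say for which **Type** selections the checkbox is shown, unlike the **Profiles** row above it ("Displays if **Internal CA** or **Intermediate CA** are set in **Type**"). Add the display condition so the table stays consistent with the statement that the selection in **Type** changes the options on this screen.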
Expand All @@ -73,7 +75,7 @@ The **Key Type** selection changes fields displayed. **RSA** is the default sett
{{< /expand >}}

### Certificate Subject Options
The **Certificate Subject** settings define the location, name, and email for the organization using the certificate.
The **Certificate Subject** settings define the location, name, and email of the organization using the certificate.
Users can also enter the system [fully-qualified hostname (FQDN)](https://kb.iu.edu/d/aiuv) and any additional domains for multi-domain support.

The **Certificate Subject** settings do not display if **Type** on the **Identifier and Type** screen is set to **Import CA**.
Expand All @@ -97,15 +99,15 @@ The **Certificate Subject** settings do not display if **Type** on the **Identif

### Extra Constraints Options
The **Extra Constraints** options contain certificate extension options.
* **Basic Constraints** that when enabled limits the path length for a certificate chain.
* **Authority Key Identifier** that when enabled provides a means of identifying the public key corresponding to the private key used to sign a certificate.
* **Key Usage** that when enable defines the purpose of the public key contained in a certificate.
* **Extended Key Usage** that when enable to further refines key usage extensions.
* **Basic Constraints** limits the path length for a certificate chain.
* **Authority Key Identifier** provides a means of identifying the public key corresponding to the private key used to sign a certificate.
* **Key Usage** defines the purpose of the public key contained in a certificate.
* **Extended Key Usage** further refines key usage extensions.

The **Extra Constraints** settings change based on the selection in **Type** on the **Identifier and Type** screen.

#### Extra Constraints - Internal or Intermediate CA
After selecting **Basic Constraints**, **Authority Key Identifier**, **Extended Key Usage**, or **Key Usage**, each displays more settings that option needs.
After selecting **Basic Constraints**, **Authority Key Identifier**, **Extended Key Usage**, or **Key Usage**, each displays more settings that the option needs.
{{< expand "Click Here for More Information" "v" >}}

![AddCAExtraConstraintsAllExpanded](/images/SCALE/Credentials/AddCAExtraConstraintsAllExpanded.png "Add CA Internal Certificate")
Expand Down