1 Connect

Plug into the inner port.

The Seed has two USB ports — use the one set back from the edge.

Why the inner port?

The port closest to the edge supplies power only — the light comes on but your computer never sees the device.

The inner port carries data and power. Push the cable all the way in at both ends.

If the COGNITUM drive doesn't mount within about 10 seconds, you're almost certainly on the power-only port or the cable hasn't fully seated.

Watching for your Seed…
After plugging in, allow ~15–20s for your computer to assign a link-local address.
2 Trust

Say yes to the certificate.

Your Seed brings its own — signed by no one else, only itself.

Why a certificate prompt?

Your Seed serves a real HTTPS endpoint on its USB-Ethernet interface (https://169.254.42.1:8443). The certificate is signed by your Seed itself, not by a public authority — so only you can decide to trust it.

Accept just for now remembers the cert for this browser session. Fast, no install — but you'll repeat it next time the browser closes.

Install permanently adds the device's name-constrained CA to your system trust store. One sudo / Administrator prompt; trusted forever after.

Connect via Chrome (where available) skips the network entirely — the page talks to the device over USB directly, no DNS or certificates involved.

What happens next:
  1. A new tab opens at your device's status URL.
  2. You'll see a "Connection not private" warning.
  3. Click AdvancedProceed to 169.254.42.1 (unsafe).
  4. JSON status appears. Return here — detection resumes automatically.

Install permanently — one time, no prompts again.

Cognitum ships a name-constrained CA on the USB drive. Add it once, and every Seed you own becomes trusted from this browser.

Is the install safe?

The installed CA is name-constrained — it can only sign certificates for 169.254.x.x addresses and .local hostnames. It cannot issue a certificate for google.com or any public site.

The installer is a small shell script you can inspect before running. It uses the system's standard certificate-management tools.

To remove it later: search for "Cognitum Device Local CA" in your system's keychain / certificate manager and delete the entry.

  1. Open the COGNITUM drive that mounted on your computer (Finder → Locations).
  2. Open the trust/ folder.
  3. Double-click install-trust.command. If macOS blocks it, use .
  4. Reload this page. Detection picks up automatically.
3 Verify

Is this really your Seed?

When it's reachable, its live identity appears below — signed by the device itself.

4 Done

Open the device.

Everything else lives on the Seed itself — your memories, the witness chain, the API.

Visit 169.254.42.1:8443/guide for the on-device guide.

Activity log

Terminal install (macOS)

If macOS refuses to run the .command file ("unidentified developer"), open Terminal and run:

bash /Volumes/COGNITUM/trust/install-trust.sh

Copied