From 32ec711a3f0d4c1fe09b8075f2961c6cefa30e57 Mon Sep 17 00:00:00 2001
From: Matt Hill <mattnine@protonmail.com>
Date: Tue, 15 Aug 2023 14:04:45 -0600
Subject: [PATCH] update windows and linux ca guides

---
 .../guides/device-guides/linux/ff-linux.rst   |  8 --
 .../device-guides/windows/ff-windows.rst      | 88 +++++++++++++------
 2 files changed, 61 insertions(+), 35 deletions(-)

diff --git a/site/source/guides/device-guides/linux/ff-linux.rst b/site/source/guides/device-guides/linux/ff-linux.rst
index 81fcd67..dbb6b48 100644
--- a/site/source/guides/device-guides/linux/ff-linux.rst
+++ b/site/source/guides/device-guides/linux/ff-linux.rst
@@ -11,14 +11,6 @@ This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla
 
 #. Ensure you have already :ref:`trusted your server's Root CA<ca-linux>`
 
-#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
-
-#. Search for ``security.enterprise_roots.enabled`` and set it to ``true``:
-
-    .. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
-        :width: 80%
-        :alt: Firefox security settings
-
 #. Select your distribution below and follow instructions:
 
     .. tabs::
diff --git a/site/source/guides/device-guides/windows/ff-windows.rst b/site/source/guides/device-guides/windows/ff-windows.rst
index 36fa9b5..b7db063 100644
--- a/site/source/guides/device-guides/windows/ff-windows.rst
+++ b/site/source/guides/device-guides/windows/ff-windows.rst
@@ -3,55 +3,89 @@
 ==============================
 Configuring Firefox on Windows
 ==============================
-.. caution::  This guide assumes you have completed :ref:`setting up Tor<tor-windows>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
+Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
 
-#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
+Local
+-----
 
-#. Search for ``dom.securecontext.allowlist_onions`` and set the value to "true":
+#. Ensure you have already :ref:`trusted your server's Root CA<ca-mac>`
+
+#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
+
+#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
+
+    .. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
+        :width: 80%
+        :alt: Firefox security settings
+
+#. Restart Firefox
+
+#. When you visit your server URL using ``https``, you should see this symbol indicating a secure connection:
+
+    .. figure:: /_static/images/ssl/browser/firefox-https-good.png
+        :width: 80%
+        :alt: Firefox security settings
+
+#. If you see an exclamation point inside a triangle by the lock, it means you previously made a security exception in the browser. You will need to remove the exception by clicking the lock -> Connection not secure -> Remove Exception.
+
+    .. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-1.png
+        :width: 80%
+        :alt: Firefox - Remove security exception (Part 1)
+
+    .. figure:: /_static/images/ssl/browser/cert-trust-exception-remove-2.png
+        :width: 80%
+        :alt: Firefox - Remove security exception (Part 2)
+
+Tor
+---
+#. Ensure you have already :ref:`set up Tor<tor-mac>`
+
+#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
+
+#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
 
     .. figure:: /_static/images/tor/firefox_allowlist.png
-      :width: 60%
-      :alt: Firefox whitelist onions screenshot
+        :width: 60%
+        :alt: Firefox whitelist onions screenshot
 
-#. Next, search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
+#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
 
     .. figure:: /_static/images/tor/firefox_insecure_websockets.png
-      :width: 60%
-      :alt: Firefox allow insecure websockets over https
+        :width: 60%
+        :alt: Firefox allow insecure websockets over https
 
-#. Download a *Proxy Auto Config* file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by following instructions below:
-
-    - Click `here <https://start9.com/assets/proxy.pac>`_ to get the file and save the file somewhere you will not delete it. Remember where you save the file. For this example:
+#. Download a ``Proxy Auto Config`` file to inform Firefox how to use the Tor daemon running on your computer. Click `here <https://start9.com/assets/proxy.pac>`_ to get the one offered by Start9 and save it somewhere you will not delete it. Remember where you save the file. For this example:
 
     .. code-block::
 
-      C:\Program Files\Tor Browser\proxy.pac
+    	C:\Program Files\Tor Browser\proxy.pac
 
-#. Now, back in your Firefox web browser, select "Settings" from the right-hand hamburger menu:
+#. Go to the right-hand hamburger menu and select ``Settings``:
 
-    .. figure:: /_static/images/tor/firefox_options_windows.png
-      :width: 60%
-      :alt: Firefox options screenshot
+    .. figure:: /_static/images/tor/os_ff_settings.png
+        :width: 30%
+        :alt: Firefox options screenshot
 
-#. Search for the term "proxy" in the search bar in the upper right, then select the button that says "Settings":
+#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
 
     .. figure:: /_static/images/tor/firefox_search.png
-      :width: 60%
-      :alt: Firefox search screenshot
+        :width: 60%
+        :alt: Firefox search screenshot
 
-#. This should open a menu that will allow you to configure your proxy settings. Select "Automatic proxy configuration URL" and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
+#. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
 
     .. code-block::
 
-      file://C:/Program Files/Tor Browser/proxy.pac
+    	file://C:/Program Files/Tor Browser/proxy.pac
 
-#. Then, check the box labeled "Proxy DNS when using SOCKS v5":
+#. Check the box labeled ``Proxy DNS when using SOCKS v5``:
 
-    .. figure:: /_static/images/tor/firefox_proxy_windows.png
-      :width: 60%
-      :alt: Firefox proxy settings screenshot
+    .. figure:: /_static/images/tor/firefox_proxy.png
+        :width: 60%
+        :alt: Firefox proxy settings screenshot
 
-#. Click "OK" and then restart Firefox for the changes to take effect.
+#. Click ``OK`` and restart Firefox
 
-#. You're all set! You should now be able to navigate to ".onion" URLs in Firefox. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`__.
+#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
 
+#. You can now use the `.onion` URLs of your server and installed services