rework ca trusting flow (#547)

* rework ca trusting flow * abstract firefox guides for ca and tor * remove uneeded package.lock * fix references, update submodule * clean up
2026-03-30 12:11:57 +00:00 · 2023-11-19 11:26:58 -07:00
parent f34f9fce44
commit 3bad4b440b
36 changed files with 320 additions and 441 deletions
--- a/site/source/device-guides/mac/ca-mac.rst
+++ b/site/source/device-guides/mac/ca-mac.rst
@@ -1,11 +1,11 @@
 .. _ca-mac:

-=====================================
-Trusting Your Server's Root CA on Mac
-=====================================
+============================
+Trusting Your Root CA on Mac
+============================
 Complete this guide to trust your server's Root Certificate Authority (Root CA) on Mac.

-#. Ensure you have already :ref:`downloaded your Root CA <download-root-ca>`
+#. Ensure you have :ref:`downloaded your Root CA <root-ca-download>`

 #. Locate your downloaded Root CA. Right click it and select *Show in Folder*:

@@ -50,3 +50,5 @@ Complete this guide to trust your server's Root Certificate Authority (Root CA)
        :alt: Keychain submenu

    .. tip:: If the keychain console did not show the certificate as trusted, press "Command + spacebar" and type “Keychain Access”, and hit enter to re-open it.
+
+#. If using Firefox (recommended), complete :ref:`this final step <ca-ff>`
--- a/site/source/device-guides/mac/ff-mac.rst
+++ b/site/source/device-guides/mac/ff-mac.rst
@@ -1,60 +0,0 @@
-.. _ff-mac:
-
-==========================
-Configuring Firefox on Mac
-==========================
-Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
-
-Local (required for initial setup)
----------------------------------
-#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
-
-#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
-
-    .. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
-        :width: 80%
-        :alt: Firefox security settings
-
-#. Restart Firefox
-
-Tor (can be completed later)
----------------------------
-#. Ensure you have already :ref:`set up Tor<tor-mac>`
-
-#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
-
-#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
-
-    .. figure:: /_static/images/tor/firefox_allowlist.png
-        :width: 60%
-        :alt: Firefox whitelist onions screenshot
-
-#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
-
-    .. figure:: /_static/images/tor/firefox_insecure_websockets.png
-        :width: 60%
-        :alt: Firefox allow insecure websockets over https
-
-#. Go to the right-hand hamburger menu and select ``Settings``:
-
-    .. figure:: /_static/images/tor/os_ff_settings.png
-        :width: 30%
-        :alt: Firefox options screenshot
-
-#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
-
-    .. figure:: /_static/images/tor/firefox_search.png
-        :width: 60%
-        :alt: Firefox search screenshot
-
-#. Check the option labeled ``Use System Proxy Settings`` *and* the box labeled ``Proxy DNS when using SOCKS v5``:
-
-    .. figure:: /_static/images/tor/firefox_proxy.png
-        :width: 60%
-        :alt: Firefox proxy settings screenshot
-
-#. Click ``OK`` and restart Firefox
-
-#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
-
-#. You can now use the `.onion` URLs of your server and installed services
--- a/site/source/device-guides/mac/index.rst
+++ b/site/source/device-guides/mac/index.rst
@@ -12,7 +12,6 @@ Recommended Guides

  ca-mac
  tor-mac
-  ff-mac

 Other Useful Guides
 -------------------
--- a/site/source/device-guides/mac/tor-mac.rst
+++ b/site/source/device-guides/mac/tor-mac.rst
@@ -114,8 +114,6 @@ Enable Tor System-wide
                
                cat /usr/local/var/log/tor.log || sudo cat /opt/homebrew/var/log/tor.log

-        If you'd like to setup Firefox to use Tor you can follow  :ref:`this guide<ff-mac>`.
-
    .. group-tab:: Pre-Ventura

        #. Enable proxy autoconfig file (This will download the Start9 standard proxy config file. You can use your own if you prefer):
@@ -176,4 +174,6 @@ Enable Tor System-wide
                
                cat /usr/local/var/log/tor.log || sudo cat /opt/homebrew/var/log/tor.log

-        If you'd like to setup Firefox to use Tor you can follow  :ref:`this guide<ff-mac>`.
+If using Firefox (recommended)
+------------------------------
+Complete this guide: :ref:`tor-ff`