rework ca trusting flow (#547)

* rework ca trusting flow * abstract firefox guides for ca and tor * remove uneeded package.lock * fix references, update submodule * clean up
2026-03-30 12:11:57 +00:00 · 2023-11-19 11:26:58 -07:00
parent f34f9fce44
commit 3bad4b440b
36 changed files with 320 additions and 441 deletions
--- a/site/source/device-guides/windows/ca-windows.rst
+++ b/site/source/device-guides/windows/ca-windows.rst
@@ -1,13 +1,13 @@
 .. _ca-windows:

-=========================================
-Trusting Your Server's Root CA on Windows
-=========================================
+================================
+Trusting Your Root CA on Windows
+================================
 Complete this guide to trust your server's Root Certificate Authority (Root CA) on Windows.

-#. Ensure you have already :ref:`downloaded your Root CA <download-root-ca>`
+#. Ensure you have :ref:`downloaded your Root CA <root-ca-download>`

-#. Ensure you have already :ref:`installed bonjour <connecting-lan-windows>`
+#. Ensure you have :ref:`installed bonjour <connecting-lan-windows>`

 #. Click the “Start” menu, type “mmc”, and select "Run as administrator" to access the Windows Management Console.

@@ -82,3 +82,5 @@ Complete this guide to trust your server's Root Certificate Authority (Root CA)
   .. figure:: /_static/images/ssl/windows/11_console_settings.png
    :width: 20%
    :alt: Console settings
+
+#. If using Firefox (recommended), complete :ref:`this final step <ca-ff>`
--- a/site/source/device-guides/windows/ff-windows.rst
+++ b/site/source/device-guides/windows/ff-windows.rst
@@ -1,72 +0,0 @@
-.. _ff-windows:
-
-==============================
-Configuring Firefox on Windows
-==============================
-Here you will configure Firefox to securely resolve the .local and .onion URLs of your server and installed services.
-
-Local (required for initial setup)
----------------------------------
-#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
-
-#. Search for ``security.enterprise_roots.enable``, set it to ``true``.
-
-    .. figure:: /_static/images/ssl/browser/enterprise_roots_enabled_true.png
-        :width: 80%
-        :alt: Firefox security settings
-
-#. Restart Firefox
-
-Tor (can be completed later)
----------------------------
-#. Ensure you have already :ref:`set up Tor<tor-windows>`
-
-#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that appear
-
-#. Search for ``dom.securecontext.allowlist_onions`` and set the value to ``true``:
-
-    .. figure:: /_static/images/tor/firefox_allowlist.png
-        :width: 60%
-        :alt: Firefox whitelist onions screenshot
-
-#. Search for ``network.websocket.allowInsecureFromHTTPS`` and set the value to ``true``:
-
-    .. figure:: /_static/images/tor/firefox_insecure_websockets.png
-        :width: 60%
-        :alt: Firefox allow insecure websockets over https
-
-#. Download a ``Proxy Auto Config`` file to inform Firefox how to use the Tor daemon running on your computer. Click `here <https://start9.com/assets/proxy.pac>`_ to get the one offered by Start9 and save it somewhere you will not delete it. Remember where you save the file. For this example:
-
-    .. code-block::
-
-    	C:\Program Files\Tor Browser\proxy.pac
-
-#. Go to the right-hand hamburger menu and select ``Settings``:
-
-    .. figure:: /_static/images/tor/os_ff_settings.png
-        :width: 30%
-        :alt: Firefox options screenshot
-
-#. Search for the term ``proxy`` in the search bar in the upper right and select ``Settings...``:
-
-    .. figure:: /_static/images/tor/firefox_search.png
-        :width: 60%
-        :alt: Firefox search screenshot
-
-#. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
-
-    .. code-block::
-
-    	file://C:/Program Files/Tor Browser/proxy.pac
-
-#. Check the box labeled ``Proxy DNS when using SOCKS v5``:
-
-    .. figure:: /_static/images/tor/firefox_proxy.png
-        :width: 60%
-        :alt: Firefox proxy settings screenshot
-
-#. Click ``OK`` and restart Firefox
-
-#. Test that Firefox can resolve `.onion` URLs by visiting Start9's Tor website: http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion. If this does not work, go through this guide again, ensuring you followed every step, including the first which refers to another guide
-
-#. You can now use the `.onion` URLs of your server and installed services
--- a/site/source/device-guides/windows/index.rst
+++ b/site/source/device-guides/windows/index.rst
@@ -12,7 +12,6 @@ Recommended Guides

  ca-windows
  tor-windows
-  ff-windows

 Other Useful Guides
 -------------------
--- a/site/source/device-guides/windows/tor-windows.rst
+++ b/site/source/device-guides/windows/tor-windows.rst
@@ -54,4 +54,4 @@ Running Tor on Windows
      2. Uninstall the Tor Browser, following `these steps <https://tb-manual.torproject.org/uninstalling/>`_.
      3. Begin this guide again from the beginning.

-#. That's it! Your Windows computer is now setup to natively use Tor.
+#. If using Firefox (recommended), complete :ref:`this final step <tor-ff>`