Update LAN Section, Namely Windows (#427)

* Update Windows LAN process/screens, refactor LAN pages, remove browser section as irrelevant

* Update site/source/user-manual/connecting/connecting-lan/lan-ff.rst

Co-authored-by: Lucy <12953208+elvece@users.noreply.github.com>

* Update site/source/user-manual/connecting/connecting-lan/lan-os/lan-windows.rst

Co-authored-by: Lucy <12953208+elvece@users.noreply.github.com>

---------

Co-authored-by: Lucy <12953208+elvece@users.noreply.github.com>

site/source/user-manual/connecting/connecting-lan/index.rst

@@ -3,57 +3,37 @@
 ===================
 Connecting Over LAN
 ===================
-
-Whenever you are connected the same Local Area Network (LAN) as your Start9 server (i.e. the same WiFi network), it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and do not even require Internet access!
+Whenever you are connected to the same Local Area Network (LAN) as your Start9 server, it is best to access your Start9 server's LAN Address (.local URL). LAN connections are fast and secure and do not even require Internet access!
 
 .. note:: StartOS creates its own Certificate Authority (CA) to establish trust with client devices.
 
 Download Root CA
 ----------------
-
 First, download your Start9 server's Root CA. There are two way to accomplish this:
 
-Option 1
-........
+    - Download it from the info page you saved at the completion of :ref:`Initial Setup<initial-setup>`, OR
 
-Download it from html page you saved at the completion of :ref:`Initial Setup<initial-setup>`.
+    - Navigate to *System > LAN*, then click "Download Certificate".
 
-Option 2
-........
-
-Navigate to *System > LAN*, then click "Download Certificate".
-
-    .. figure:: /_static/images/ssl/lan_setup.png
-      :width: 60%
-      :alt: LAN setup menu item
+      .. figure:: /_static/images/ssl/lan_setup.png
+        :width: 60%
+        :alt: LAN setup menu item
 
 Trust Root CA
 -------------
-
-First, instruct your **operating system** to trust your Start9 server's Root CA.
+Instruct your **client device** to trust your Start9 server's Root CA.
 
     .. toctree::
       :maxdepth: 2
 
       lan-os/index
 
-Then instruct your **browser** to trust your Start9 server's Root CA. 
+**RECOMMENDED**: :ref:`Configure Firefox<lan-ff>` to use your system's certificate store. 
 
-    .. note:: On a Mac - this is only necessary on Firefox. Brave, Chrome and Safari will already work.
+    .. note:: Brave, Chrome and Safari will work without additional configuration.
 
-    .. toctree::
-      :maxdepth: 2
-
-      lan-browser/index
-
-**OPTIONAL**: Setup client integrations for StartOS Services (such as Nextcloud).
-
-    .. toctree::
-      :maxdepth: 2
-
-      lan-integrations/index
+**OPTIONAL**: :ref:`Configure Thunderbird<lan-thunderbird>` to use your system's certificate store (for Nextcloud integration).
 
 Access your Start9 server's LAN Address
 ---------------------------------------
-
-With the Root CA downloaded and trusted by both your operating system and your browser, you can now visit your Start9 server's LAN Address (.local URL) over secure https. Any service that offers a LAN URL will also be securely accessible!
+With the Root CA downloaded and trusted by both your operating system and your browser, you can visit your Start9 server's LAN Address (.local URL) over secure ``https``. Any service that offers a LAN URL will also be securely accessible!

site/source/user-manual/connecting/connecting-lan/lan-browser/index.rst

@@ -1,18 +0,0 @@
-.. _lan-browser:
-
-==================
-Trust CA - Browser
-==================
-
-Instruct your **browser** to trust your Start9 server's Root CA.
-
-On Mac, you only need to instruct Firefox to trust your Start9 server's Root CA. The other three browsers listed below will work already.
-
-.. caution:: You will first need to complete :ref:`lan-os` for your device before continuing.
-
-.. toctree::
-  :maxdepth: 1
-
-  Firefox <lan-ff>
-  Chrome / Brave <lan-chrome-brave>
-  Safari <lan-safari>

site/source/user-manual/connecting/connecting-lan/lan-browser/lan-chrome-brave.rst

@@ -1,130 +0,0 @@
-.. _lan-chrome-brave:
-
-=================================================
-Trusting Your Start9 CA in Chrome / Brave Browser
-=================================================
-
-.. caution:: You will first need to complete :ref:`lan-os` for your device before continuing.
-
-.. note:: This guide will work for Chrome, Chromium, Brave Browser or Vivaldi
-
-.. tabs::
-
-    .. group-tab:: Linux
-
-        #. Open a new tab in the browser and open to "Settings" from the top-right hamburger menu.
-
-            .. figure:: /_static/images/ssl/browser/brave_settings.png
-              :width: 30%
-              :alt: Chrome / Brave settings page
-
-        #. On the left hand sidebar, select the "Privacy and security" section, then the "Security" menu item.
-
-            .. figure:: /_static/images/ssl/browser/brave_security.png
-              :width: 60%
-              :alt: Chrome / Brave Privacy and security settings
-
-        #. At the bottom of the section, select "Manage Certificates".
-        
-            .. figure:: /_static/images/ssl/browser/brave_security_settings.png
-              :width: 60%
-              :alt: Chrome / Brave Security settings page
-
-        #. Click the "Authorities" tab
-
-            .. figure:: /_static/images/ssl/browser/brave-authorities.png
-              :width: 60%
-              :alt: Certificate Authorities
-
-        #. If you see "org-Start9" with a trusted “<custom-address> Local Root CA” listed under it, your work is already done. Open a new tab and visit your Start9 server's ``.local`` address.  The browser shouldn't give any warning pages about the certificate anymore.  If it still does, quit and restart the browser using `Menu > Exit`.
-
-        #. If you do not see "org-Start9" in the list, click "Import" and open the downloaded "<custom-address> Local Root CA.crt" file on your device.
-        
-            .. figure:: /_static/images/ssl/browser/chrome_authorities.png
-              :width: 60%
-              :alt: Chrome / Brave Import "<custom-address>.crt"
-
-        #. Check the box for "Trust this certificate for identifying websites" and click "OK".
-
-            .. figure:: /_static/images/ssl/browser/chrome_trust.png
-              :width: 60%
-              :alt: Chrome / Brave Manage Certificates sub-menu on macOS
-
-
-    .. group-tab:: Windows
-
-        #. Open a new tab in the browser and click "Settings" from the top-right hamburger menu.
-
-            .. figure:: /_static/images/ssl/browser/brave_settings.png
-              :width: 30%
-              :alt: Brave settings page
-
-        #. On the left hand sidebar, select the "Privacy and security" section, then the "Security" menu item.
-
-            .. figure:: /_static/images/ssl/browser/brave_security.png
-              :width: 60%
-              :alt: Brave Privacy and security settings
-
-        #. At the bottom of the section, select "Manage Certificates".
-        
-            .. figure:: /_static/images/ssl/browser/brave_security_settings.png
-              :width: 60%
-              :alt: Brave Security settings page
-
-        #. The Windows Certificates Manager will open.  Click the `Trusted Root Certification Authorities` tab, then `Import...`
-
-            .. figure:: /_static/images/ssl/windows/windows_certificates_caimport_step1.jpg
-              :width: 40%
-              :alt: Windows Certificates CA Cert Import Step 1
-
-        #. The Windows Certificate Import Wizard will open.  Click `Next`
-
-            .. figure:: /_static/images/ssl/windows/windows_certificates_caimport_step2.jpg
-              :width: 40%
-              :alt: Windows Certificates CA Cert Import Step 2
-
-        #. Click `Browse...` to select the CA Cert
-
-            .. figure:: /_static/images/ssl/windows/windows_certificates_caimport_step3.jpg
-              :width: 40%
-              :alt: Windows Certificates CA Cert Import Step 3
-
-        #. Navigate to the location of and select your previously downloaded `<custom-address>.crt` file, and click `Open`
-
-            .. figure:: /_static/images/ssl/windows/windows_certificates_caimport_step4.jpg
-              :width: 40%
-              :alt: Windows Certificates CA Cert Import Step 4
-
-        #. The path to the CA certificate will be filled in.  Click `Next`
-
-            .. figure:: /_static/images/ssl/windows/windows_certificates_caimport_step5.jpg
-              :width: 40%
-              :alt: Windows Certificates CA Cert Import Step 5
-
-        #. Ensure `Place all certificates in the following store` is selected and the Certificate store is set to `Trusted Root Certification Authorities`.  Click `Next`
-
-            .. figure:: /_static/images/ssl/windows/windows_certificates_caimport_step6.jpg
-              :width: 40%
-              :alt: Windows Certificates CA Cert Import Step 6
-
-        #. Click `Finish`
-
-            .. figure:: /_static/images/ssl/windows/windows_certificates_caimport_step7.jpg
-              :width: 40%
-              :alt: Windows Certificates CA Cert Import Step 7
-
-        #. Click `Yes` to accept the subsequent Security Warning
-
-            .. figure:: /_static/images/ssl/windows/windows_certificates_caimport_step8.jpg
-              :width: 40%
-              :alt: Windows Certificates CA Cert Import Step 8
-
-        #. The Windows Certificates Manager should report that the certificate import was successful.  Click `OK`, then `Close`
-
-            .. figure:: /_static/images/ssl/windows/windows_certificates_caimport_step9.jpg
-              :width: 40%
-              :alt: Windows Certificates CA Cert Import Step 9
-
-    .. group-tab:: Mac
-
-       No additional setup is required for Chrome or Brave on MacOS

site/source/user-manual/connecting/connecting-lan/lan-browser/lan-safari.rst

@@ -1,7 +0,0 @@
-.. _lan-safari:
-
-=================================
-Trusting Your Start9 CA In Safari
-=================================
-
-Once you have completed the :ref:`lan-os` steps on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now securely navigate to the LAN address for your Start9 server!

site/source/user-manual/connecting/connecting-lan/lan-ff.rst

@@ -3,12 +3,9 @@
 ==================================
 Trusting Your Start9 CA in Firefox
 ==================================
+This guide applies to Firefox, Firefox ESR, and Librewolf.  Mozilla apps need to be configured to use the certificate store of your device.  To find out why Mozilla does this differently, you can read their `blog post <https://blog.mozilla.org/security/2019/02/14/why-does-mozilla-maintain-our-own-root-certificate-store/>`_ on the topic.
 
-.. caution:: You will first need to complete :ref:`lan-os` for your device before continuing.
-
-This should work equally well in Firefox, Firefox ESR, or Librewolf.
-
-.. note:: If you are attempting to set up Firefox on Android, click the "Android" tab below for Android-specific instructions.
+.. caution:: You will first need to complete :ref:`device setup<lan-os>` for your device before continuing.
 
 .. tabs::
 

site/source/user-manual/connecting/connecting-lan/lan-integrations/index.rst

@@ -1,16 +0,0 @@
-.. _lan-integrations:
-
-=======================
-Trust CA - Integrations
-=======================
-
-Instruct your end-user **application** to trust your Start9 server's Root CA.
-
-Certain services (such as NextCloud) offer file sync, calendar/contacts sync, or other connectivity you may want to use via a desktop or mobile application.  Select from the list below for supported applications.
-
-.. caution:: You will first need to complete :ref:`lan-os` for your device before continuing.
-
-.. toctree::
-  :maxdepth: 1
-
-  Thunderbird <lan-thunderbird>

site/source/user-manual/connecting/connecting-lan/lan-os/lan-windows.rst

@@ -18,74 +18,78 @@ Unfortunately, Windows does not have mDNS alias support built-in, which is neces
             #. Restart Windows
             #. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings.
 
-#. Back in Windows, click the “Start” menu, type “mmc”, and select "Run as administrator"
+#. Back in Windows, click the “Start” menu, type “mmc”, and select "Run as administrator" to access the Windows Management Console.
 
    .. figure:: /_static/images/ssl/windows/0_windows_mmc.png
     :width: 50%
     :alt: Windows MMC
 
-    Access the Windows Management Console.  When prompted with the “User Account Control” window, select “Yes” to allow this program to run.
+    When prompted with the “User Account Control” window, select “Yes” to allow this program to run.
 
 #. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
 
-   .. figure:: /_static/images/ssl/windows/2_windows_console_root.png
-    :width: 90%
+   .. figure:: /_static/images/ssl/windows/1_windows_console_root.png
+    :width: 50%
     :alt: Windows Console Root
 
-    Add Snap-in from Console Root
-
 #. Select “Certificates” in the left side menu, then “Add”. This will open another window.
 
-   .. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png
-    :width: 90%
+   .. figure:: /_static/images/ssl/windows/2_windows_add_certificates.png
+    :width: 50%
     :alt: Add Certificates
 
-    Add Certificates to selected snap-ins
-
 #. Select “Computer account” and click “Next". Leave defaulted options on the next screen and click “Finish”.
 
+   .. figure:: /_static/images/ssl/windows/3_snap_in_wizard.png
+    :width: 50%
+    :alt: Add Snap-in
+
 #. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
 
    .. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
-    :width: 90%
+    :width: 50%
     :alt: Snap-in Selected
 
-    Certificates (Local Computer) is selected as snap-in
-
 #. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
 
    .. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
-    :width: 90%
+    :width: 50%
     :alt: Certificates in Management Console
 
-    Access Certificates in Management Console
-
-#. Right click on “Certificates”, then navigate to *All Tasks > Import*.
+#. Right click on the “Certificates” directory, then navigate to *All Tasks > Import*.
 
    .. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
-    :width: 90%
+    :width: 50%
     :alt: Import certificate
 
-    Select "Import" from Certificates sub-menu
-
-#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”.
+#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and open it.  Then click "Next".
 
    .. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
-    :width: 90%
+    :width: 50%
     :alt: Import cert wizard
 
-    Add downloaded certificate in the Certificate Import Wizard
+#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”.  Then click "Finish" on the final screen.
 
-#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”.
+   .. figure:: /_static/images/ssl/windows/8_windows_import_cert_wizard.png
+    :width: 50%
+    :alt: Import cert wizard
 
 #. Select “OK” when the import is successful.
 
-#. Verify your server's Local Root CA certificate is in the “Certificates” folder:
+   .. figure:: /_static/images/ssl/windows/9_success.png
+    :width: 20%
+    :alt: Import success!
 
-   .. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png
-    :width: 90%
+#. Verify your server's unique `<adjective-noun> Local Root CA` certificate is in the “Certificates” folder:
+
+   .. figure:: /_static/images/ssl/windows/10_successful_cert_install.png
+    :width: 50%
     :alt: Successful cert install
 
-    Your server's unique `<custom-address> Local Root CA` is now imported into Certificate folder
+#. You can save the console settings (where we added a snap-in), if desired.  The CA certificate will remain imported to the CA certificate store either way, and you will likely use this guide if you need to import a new certificate.
 
-#. You can save the settings to the console if desired, or not by pressing `Yes` or `No`.  The CA certificate will remain imported to the CA certificate store either way.
+   .. figure:: /_static/images/ssl/windows/11_console_settings.png
+    :width: 20%
+    :alt: Console settings
+
+You're now ready to browse your service UIs with encryption, either via the browser, or with native client apps.  You may wish to :ref:`configure Firefox<lan-ff>` and/or :ref:`Thunderbird<lan-thunderbird>` next.