17 changes: 9 additions & 8 deletions start-os/src/trust-ca.md
Expand Up @@ -50,7 +50,7 @@ Select your platform:

1. You will see your server's CA certificate as trusted now, signified by a blue (+) sign and the CA cert information will now say "This certificate is marked as trusted for all users" in Keychain Access:

1. If using Firefox, Thunderbird, or Librewolf, complete this [final step](#mac--windows).
1. If using Firefox, Thunderbird, or Librewolf, complete this [final step](#3-mozilla-apps-firefox-thunderbird-librewolf).

{{#endtab }}
{{#tab name="Windows" }}
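Review bot: The new fragment `#3-mozilla-apps-firefox-thunderbird-librewolf` in the Firefox/Thunderbird/Librewolf step carries the heading's number (`3-`), so the link breaks if the target section is renumbered or retitled. The fragments it replaces were per-platform (`#mac--windows` here, `#debian--ubuntu-1` in the Debian hunk) while the new one is shared by every platform, so confirm that the heading renders with this exact slug and that the link lands where the platform-specific instructions are visible. The same replacement is made in the Windows and Debian hunks.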
Expand Down Expand Up @@ -79,7 +79,7 @@ Select your platform:

1. You can save the console settings (where we added a snap-in), if desired. Your Root CA will remain imported to the CA certificate store either way, and you will likely use this guide if you need to import a new certificate.

1. If using Firefox, Thunderbird, or Librewolf, complete this [final step](#mac--windows).
1. If using Firefox, Thunderbird, or Librewolf, complete this [final step](#3-mozilla-apps-firefox-thunderbird-librewolf).

{{#endtab }}
{{#tab name="iOS" }}
Expand Down Expand Up @@ -127,16 +127,17 @@ This should work for most Debian-based systems, such as Debian, Ubuntu, Mint, Po

cd ~/Downloads

1. Add your Root CA to your OS trust store. Be certain to replace `your-server-name` with your server's unique hostname:
1. Add your Root CA to your OS trust store. Be certain to replace `your-server-name` with your server's unique hostname on the first line:

hostname=your-server-name.local
Member Author

Allows user to only edit once, on this line, then copy and paste every other line with no editing.

sudo mkdir -p /usr/share/ca-certificates/start9
sudo cp "your-server-name.crt" /usr/share/ca-certificates/start9/
sudo bash -c "echo 'start9/your-server-name.crt' >> /etc/ca-certificates.conf"
sudo cp "${hostname}.crt" /usr/share/ca-certificates/start9/
sudo bash -c "echo 'start9/${hostname}.crt' >> /etc/ca-certificates.conf"
sudo update-ca-certificates

If successful, you will see the output `1 added`.

1. If using Firefox, Thunderbird, or Librewolf, complete this [final step](#debian--ubuntu-1).
1. If using Firefox, Thunderbird, or Librewolf, complete this [final step](#3-mozilla-apps-firefox-thunderbird-librewolf).

{{#endtab }}
{{#tab name="Arch / Garuda" }}
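Review bot: The `cp` and `echo` lines now depend on `${hostname}` still being set in the shell that runs them; in a fresh terminal the variable is empty, the `cp` has no `.crt` file to copy, and the `echo` line still appends `start9/.crt` to `/etc/ca-certificates.conf` as root. Writing `${hostname:?}` in both lines makes the command abort when the variable is unset. `hostname` is also the name of a standard command, so a more specific variable name would read less ambiguously. The value assigned includes `.local`, so this block copies `your-server-name.local.crt`, which ties it to the filename question still open in the thread on the Arch hunk.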
Expand All @@ -148,7 +149,7 @@ This should work for most Debian-based systems, such as Debian, Ubuntu, Mint, Po
1. Add your Root CA to your OS trust store. Be certain to replace `your-server-name` with your server's unique hostname in the second command:

sudo pacman -S ca-certificates
sudo cp "your-server-name.crt" /etc/ca-certificates/trust-source/anchors/
sudo cp "your-server-name.local.crt" /etc/ca-certificates/trust-source/anchors/
Member Author

I noticed that the downloaded ca file now includes the .local. This seems more clear to insert it here too then, or at least less likely for them to be confused as to whether they're doing it right, though I could be wrong.

Member

Hmmm it might be better to not include the .local in the filename. Looking into it

sudo update-ca-trust

Despite no output from the last command, you can test your app right away.
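Review bot: The `cp` line hard-codes `your-server-name.local.crt`, while the Debian block in this same patch sets the name once in a variable and reuses it, so the guide now has two conventions for the same edit. The inline thread on this line has not settled whether the filename should include `.local`; resolve that first, then apply one pattern to this block and to the identical Fedora `cp` line. The step text above the block tells the reader to replace `your-server-name` "in the second command", which stays accurate only while the name is typed inline.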
Expand All @@ -163,7 +164,7 @@ This should work for most Debian-based systems, such as Debian, Ubuntu, Mint, Po
1. Add your Root CA to your OS trust store. Be certain to replace `your-server-name` with your server's unique hostname in the second command:

sudo dnf install ca-certificates
sudo cp "your-server-name.crt" /etc/pki/ca-trust/source/anchors/
sudo cp "your-server-name.local.crt" /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

There will be no output if the update-ca-trust command completes successfully.