Complete this guide to download your Start9 server’s Root Certificate Authority (CA), and trust it on your client device (Android). This allows you to use encrypted https connections to your .local (LAN) and .onion (tor) server addresses, access services on LAN, and enhances performance on tor. The Root CA was created by your server when you perfomed the initial setup, and signs the certificate of your server’s main UI, as well as that of all services.
Note
This guide applies to most Android phones running Android v13+, as well as phones running CalyxOS, GrapheneOS, or LineageOS (v19+).
Tap Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA Certificate > Install Anyway and select your custom-named adjective-noun.local.crt certificate.
Caution
Some phones running Android v12 will work, others won’t. It depends on the vendor. Most Androids running v12 that we have tested do work with the exception of the Samsung Galaxy S10 which does not.
Tap Settings > Security > Advanced > Encryption and Credentials > Install from Storage and select your unique adjective-noun.local.crt certificate.
On some devices, it may be necessary to also activate this setting in Firefox / Fennec:
Tap Kebab Menu > Settings > About Firefox and tap the Firefox icon 5 times to enable “developer mode.”
Go back to Kebab Menu > Settings > Secret Settings (at the bottom), and tap “Use third party CA certificates” to enable the use of your system-wide Root CA.
You’re now ready to browse your service UIs with encryption, either via the browser, or with native client apps. For Mozilla apps, such as Firefox, you will need to follow the Firefox Config guide, which we highly recommend.
Documentation
