Merge branch 'production' into max/gw/docker-cert

Author: maxvp

src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/index.mdx

@@ -131,7 +131,7 @@ Refer to [deployment parameters](/cloudflare-one/connections/connect-devices/war
 
 :::note[Migrate from 1.1.1.1]
 
-The legacy iOS client, [1.1.1.1: Faster Internet](https://apps.apple.com/us/app/1-1-1-1-faster-internet/id1423538627), is becoming the Cloudflare One Agent. Learn more in our [migration guide](/cloudflare-one/connections/connect-devices/warp/download-warp/cloudflare-one-agent-migration/).
+The legacy iOS client, [1.1.1.1: Faster Internet](https://apps.apple.com/us/app/1-1-1-1-faster-internet/id1423538627), has been replaced by the Cloudflare One Agent. Learn more in our [migration guide](/cloudflare-one/connections/connect-devices/warp/download-warp/cloudflare-one-agent-migration/).
 :::
 
 The Cloudflare WARP iOS client, known in the App Store as [Cloudflare One Agent](https://apps.apple.com/us/app/cloudflare-one-agent/id6443476492), allows for an automated install via tools like Jamf, Intune, or SimpleMDM.
@@ -159,7 +159,7 @@ Refer to [deployment parameters](/cloudflare-one/connections/connect-devices/war
 
 :::note[Migrate from 1.1.1.1]
 
-The legacy Android client, [1.1.1.1 + WARP: Safer Internet](https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone), is becoming the Cloudflare One Agent. Learn more in our [migration guide](/cloudflare-one/connections/connect-devices/warp/download-warp/cloudflare-one-agent-migration/).
+The legacy Android client, [1.1.1.1 + WARP: Safer Internet](https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone), has been replaced by the Cloudflare One Agent. Learn more in our [migration guide](/cloudflare-one/connections/connect-devices/warp/download-warp/cloudflare-one-agent-migration/).
 :::
 
 The Cloudflare WARP Android client, known in the Google Play store as [Cloudflare One Agent](https://play.google.com/store/apps/details?id=com.cloudflare.cloudflareoneagent), allows for an automated install via tools like Intune, Google Endpoint Manager, and others.

src/content/docs/cloudflare-one/connections/connect-devices/warp/download-warp/cloudflare-one-agent-migration.mdx

@@ -18,16 +18,10 @@ No action is required for desktop clients at this time. The existing Cloudflare
 
 ## iOS and Android
 
-Zero Trust users must migrate from the 1.1.1.1 app to the Cloudflare One Agent app by 2023-12-31.
+Zero Trust users must migrate from the 1.1.1.1 app to the Cloudflare One Agent app. Cloudflare is no longer supporting customers using the 1.1.1.1 app for Zero Trust features.
 
 Organizations can migrate their teams with minimal disruption in one of two modes: [manually](#migrate-manual-deployments) or via a [managed endpoint solution](#migrate-managed-deployments).
 
-### Migration impact
-
-* New Zero Trust features will only be released to the Cloudflare One Agent.
-* The 1.1.1.1 app will continue to support the current feature set (and any security updates) through 2023-12-31.
-* All Zero Trust functionality will be removed from 1.1.1.1 app versions released after 2023-12-31. Zero Trust will continue to work on 1.1.1.1 app versions released prior to 2023-12-31.
-
 ### Migrate manual deployments
 
 If you downloaded and installed the 1.1.1.1 app manually, here are the recommended migration steps:

src/content/docs/cloudflare-one/connections/connect-devices/warp/download-warp/index.mdx

@@ -47,7 +47,7 @@ Alternatively, download the client from one of the following links after checkin
 
 :::note[Migrate from 1.1.1.1]
 
-The legacy iOS client, [1.1.1.1: Faster Internet](https://apps.apple.com/us/app/1-1-1-1-faster-internet/id1423538627), is becoming the Cloudflare One Agent. Learn more in our [migration guide](/cloudflare-one/connections/connect-devices/warp/download-warp/cloudflare-one-agent-migration/).
+The legacy iOS client, [1.1.1.1: Faster Internet](https://apps.apple.com/us/app/1-1-1-1-faster-internet/id1423538627), has been replaced by the Cloudflare One Agent. Learn more in our [migration guide](/cloudflare-one/connections/connect-devices/warp/download-warp/cloudflare-one-agent-migration/).
 :::
 
 ## Android
@@ -60,7 +60,7 @@ The legacy iOS client, [1.1.1.1: Faster Internet](https://apps.apple.com/us/app/
 
 :::note[Migrate from 1.1.1.1]
 
-The legacy Android client, [1.1.1.1 + WARP: Safer Internet](https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone), is becoming the Cloudflare One Agent. Learn more in our [migration guide](/cloudflare-one/connections/connect-devices/warp/download-warp/cloudflare-one-agent-migration/).
+The legacy Android client, [1.1.1.1 + WARP: Safer Internet](https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone), has been replaced by the Cloudflare One Agent. Learn more in our [migration guide](/cloudflare-one/connections/connect-devices/warp/download-warp/cloudflare-one-agent-migration/).
 :::
 
 ## ChromeOS

src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/automated-deployment.mdx

@@ -40,7 +40,7 @@ The certificate is required if you want to [apply HTTP policies to encrypted web
 3. Turn on [**Install CA to system certificate store**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#install-ca-to-system-certificate-store).
 4. [Install](/cloudflare-one/connections/connect-devices/warp/download-warp/) the WARP client on the device.
 5. [Enroll the device](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/) in your Zero Trust organization.
-6. (Optional) If the device is running macOS Ventura `13.5` or newer, [manually trust the certificate](#manually-trust-the-certificate).
+6. (Optional) If the device is running macOS Ventura or newer, [manually trust the certificate](#manually-trust-the-certificate).
 
 WARP will install the [certificate set to **In-Use**](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/#certificate-status). This certificate can be either a [Cloudflare-generated certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/#generate-a-cloudflare-root-certificate) or a [custom certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/). If you turn on a new certificate for inspection, WARP will automatically install the new certificate and remove the old certificate from your users' devices.
 
@@ -52,41 +52,41 @@ WARP only installs the system certificate -- it does not install the certificate
 
 After installing the certificate using WARP, you can verify successful installation by accessing the device's system certificate store.
 
-### Windows
-
-To access the installed certificate in Windows:
-
-1. Open the Start menu and select **Run**.
-2. Enter `certlm.msc`.
-3. Go to **Trusted Root Certification Authority** > **Certificates**.
-
-The default Cloudflare certificate is named **Cloudflare for Teams ECC Certificate Authority**.
-
-The WARP client will also place the certificate in `%ProgramData%\Cloudflare\installed_cert.pem` for reference by scripts or tools.
-
 ### macOS
 
 To access the installed certificate in macOS:
 
 1. Open Keychain Access.
 2. In **System Keychains**, go to **System** > **Certificates**.
-3. Open your certificate. The default Cloudflare certificate is named **Cloudflare for Teams ECC Certificate Authority**.
+3. Open your certificate. The default Cloudflare certificate name is **Gateway CA - Cloudflare Managed G1**.
 4. If the certificate is trusted by all users, Keychain Access will display **This certificate is marked as trusted for all users**.
 
 The WARP client will also place the certificate in `/Library/Application Support/Cloudflare/installed_cert.pem` for reference by scripts or tools.
 
 #### Manually trust the certificate
 
-macOS Ventura `13.5` and newer do not allow WARP to automatically trust the certificate. To manually trust the certificate:
+macOS Ventura and newer do not allow WARP to automatically trust the certificate. To manually trust the certificate:
 
-1. Select **Trust**.
-2. Set **When using this certificate** to _Always Trust_.
+1. In Keychain Access, [find and open the certificate](#macos).
+2. Open **Trust**.
+3. Set **When using this certificate** to _Always Trust_.
+4. (Optional) Restart the device to reset connections to Zero Trust.
 
 Alternatively, you can configure your mobile device management (MDM) to automatically trust the certificate on all of your organization's devices.
 
+### Windows
+
+To access the installed certificate in Windows:
+
+1. Open the Start menu and select **Run**.
+2. Enter `certlm.msc`.
+3. Go to **Trusted Root Certification Authority** > **Certificates**. The default Cloudflare certificate name is **Gateway CA - Cloudflare Managed G1**.
+
+The WARP client will also place the certificate in `%ProgramData%\Cloudflare\installed_cert.pem` for reference by scripts or tools.
+
 ### Linux
 
-On Linux, the certificate is stored in `/usr/local/share/ca-certificates`. The default Cloudflare certificate is named `managed-warp.pem`.
+On Linux, the certificate is stored in `/usr/local/share/ca-certificates`. The default Cloudflare certificate name is `managed-warp.pem`.
 
 If you cannot find the certificate, run the following commands to update the system store:
 

src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx

@@ -92,13 +92,9 @@ To install a Cloudflare certificate in macOS, you can use either the Keychain Ac
 <TabItem label="Keychain Access">
 
 1. Download a Cloudflare certificate.
-
 2. Open the `.crt` file in Keychain Access. If prompted, enter your local password.
-
 3. In **Keychain**, choose the access option that suits your needs and select **Add**.
-
 4. In the list of certificates, locate the newly installed certificate. Keychain Access will mark this certificate as not trusted. Right-click the certificate and select **Get Info**.
-
 5. Select **Trust**. Under **When using this certificate**, select _Always Trust_.
 
 The root certificate is now installed and ready to be used.
@@ -143,19 +139,12 @@ Windows offers two locations to install the certificate, each impacting which us
 | Local Machine Store | All users on the system |
 
 1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate).
-
 2. Right-click the certificate file.
-
 3. Select **Open**. If a security warning appears, choose **Open** to proceed.
-
 4. The **Certificate** window will appear. Select **Install Certificate**.
-
 5. Now choose a Store Location. If a security warning appears, choose **Yes** to proceed.
-
 6. On the next screen, select **Browse**.
-
 7. In the list, choose the _Trusted Root Certification Authorities_ store.
-
 8. Select **OK**, then select **Finish**.
 
 The root certificate is now installed and ready to be used.
@@ -216,24 +205,23 @@ NixOS does not use the system certificate store for self updating and instead re
 
 ### iOS
 
-iOS only allows the Safari browser to open and install certificates.
-
-1. Open Safari and [download a Cloudflare certificate](#download-the-cloudflare-root-certificate). The device will display a confirmation dialog.
-2. Select **Allow**.
-3. Go to **Settings**, where a new **Profile Downloaded** section will appear directly beneath your iCloud user account info. Alternatively, you can go to **Settings** > **General** > **VPN & Device Management** and select the **Cloudflare for Teams ECC Certificate Authority** profile.
-4. Select **Install**. If the iOS device is passcode-protected, you will be prompted to enter the passcode.
-5. A certificate warning will appear. Select **Install**. If a second prompt appears, select **Install** again.
-6. The Profile Installed screen will appear. Select **Done**. The certificate is now installed. However, before it can be used, it must be trusted by the device.
-7. In **Settings**, go to **General** > **About** > **Certificate Trust Settings**. The installed root certificates will be displayed under Enable full trust for root certificates.
-8. Turn on the Cloudflare certificate.
-9. A security warning message will appear. Choose **Continue**.
+1. In Safari, [download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format.
+2. Open Files and go to **Recents**.
+3. Find and open the downloaded certificate file. A message will appear confirming the profile was downloaded. Select **Close**.
+4. Open Settings. Select the **Profile Downloaded** section beneath your Apple Account info. Alternatively, go to **General** > **VPN & Device Management** and select the **Gateway CA - Cloudflare Managed G1** profile.
+5. Select **Install**. If the iOS device is passcode-protected, you will be prompted to enter the passcode.
+6. A certificate warning will appear. Select **Install**. If a second prompt appears, select **Install** again.
+7. The Profile Installed screen will appear. Select **Done**. The certificate is now installed. However, before it can be used, it must be trusted by the device.
+8. In Settings, go to **General** > **About** > **Certificate Trust Settings**. The installed root certificates will be displayed under Enable full trust for root certificates.
+9. Turn on the Cloudflare certificate.
+10. A security warning message will appear. Choose **Continue**.
 
 The root certificate is now installed and ready to be used.
 
 ### Android
 
 1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate).
-2. In **Settings**, go to **Security** > **Advanced** > **Encryption & credentials** > **Install a certificate**.
+2. In Settings, go to **Security** > **Advanced** > **Encryption & credentials** > **Install a certificate**.
 3. Select **CA certificate**.
 4. Select **Install anyway**.
 5. Verify your identity.