Refine OS instructions

maxvp · maxvp · commit 91ef8718aeaf · 2024-10-18T12:14:37.000-05:00
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert.mdx
@@ -20,7 +20,7 @@ If your device does not support [certificate installation via WARP](/cloudflare-
 
 ## Download the Cloudflare root certificate
 
-First, [generate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/#generate-a-cloudflare-root-certificate) and download the Cloudflare certificate. The certificate is available both as a `.pem` and as a `.crt` file. Certain applications require the certificate to be in a specific file type, so ensure you download the most appropriate file for your use case.
+First, [generate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/#generate-a-cloudflare-root-certificate) and download the Cloudflare certificate. The certificate is available in both `.pem` and `.crt` file format. Certain applications require the certificate to be in a specific file type, so ensure you download the most appropriate file for your use case.
 
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Resources**.
 2. In **Certificates**, select **Manage**.
@@ -165,21 +165,21 @@ The following procedure applies to Debian-based systems, such as Debian, Ubuntu,
 1. [Download](#download-the-cloudflare-root-certificate) the `.pem` certificate.
 2. Install the `ca-certificates` package.
 
-```sh
-sudo apt-get install ca-certificates
-```
+   ```sh
+   sudo apt-get install ca-certificates
+   ```
 
 3. Copy the certificate to the system, changing the file extension to `.crt`.
 
-```sh
-sudo cp Cloudflare_CA.pem /usr/share/ca-certificates/Cloudflare_CA.crt
-```
+   ```sh
+   sudo cp Cloudflare_CA.pem /usr/share/ca-certificates/Cloudflare_CA.crt
+   ```
 
 4. Import the certificate.
 
-```sh
-sudo dpkg-reconfigure ca-certificates
-```
+   ```sh
+   sudo dpkg-reconfigure ca-certificates
+   ```
 
 #### Red Hat-based distributions
 
@@ -188,21 +188,21 @@ The following procedure applies to Red Hat-based systems, such as CentOS and Red
 1. [Download](#download-the-cloudflare-root-certificate) the certificate in both `.crt` and `.pem` format.
 2. Install the `ca-certificates` package.
 
-```sh
-sudo dnf install ca-certificates
-```
+   ```sh
+   sudo dnf install ca-certificates
+   ```
 
 3. Copy both certificates to the trust store.
 
-```sh
-sudo cp Cloudflare_CA.crt Cloudflare_CA.pem /etc/pki/ca-trust/source/anchors
-```
+   ```sh
+   sudo cp Cloudflare_CA.crt Cloudflare_CA.pem /etc/pki/ca-trust/source/anchors
+   ```
 
 4. Import the certificate.
 
-```sh
-sudo update-ca-trust
-```
+   ```sh
+   sudo update-ca-trust
+   ```
 
 #### NixOS
 
@@ -212,44 +212,25 @@ NixOS does not use the system certificate store for self updating and instead re
 
 iOS only allows the Safari browser to open and install certificates.
 
-1. Open Safari and [download the Cloudflare certificate](#download-the-cloudflare-root-certificate). The device will show a message: _This website is trying to download a configuration profile. Do you want to allow this?_
-
+1. Open Safari and [download the Cloudflare certificate](#download-the-cloudflare-root-certificate). The device will display a confirmation dialog.
 2. Select **Allow**.
-
-3. Go to **Settings**, where a new **Profile Downloaded** section will appear directly beneath your iCloud user account info.
-
-:::note
-
-Alternatively, you can go to **Settings** > **General** > **VPN & Device Management** and select the **Cloudflare for Teams ECC Certificate Authority** profile.
-
-:::
-
+3. Go to **Settings**, where a new **Profile Downloaded** section will appear directly beneath your iCloud user account info. Alternatively, you can go to **Settings** > **General** > **VPN & Device Management** and select the **Cloudflare for Teams ECC Certificate Authority** profile.
 4. Select **Install**. If the iOS device is passcode-protected, you will be prompted to enter the passcode.
-
-5. Next, a certificate warning will appear. Select **Install**. If a second prompt appears, select **Install** again.
-
-6. Next, the Profile Installed screen will appear. Select **Done**. The certificate is now installed. However, before it can be used, it must be trusted by the device.
-
-7. Go to **Settings** > **General** > **About** > **Certificate Trust Settings**. The installed root certificates will be displayed under Enable full trust for root certificates.
-
-8. Enable the Cloudflare certificate.
-
+5. A certificate warning will appear. Select **Install**. If a second prompt appears, select **Install** again.
+6. The Profile Installed screen will appear. Select **Done**. The certificate is now installed. However, before it can be used, it must be trusted by the device.
+7. In **Settings**, go to **General** > **About** > **Certificate Trust Settings**. The installed root certificates will be displayed under Enable full trust for root certificates.
+8. Turn on the Cloudflare certificate.
 9. A security warning message will appear. Choose **Continue**.
 
 The root certificate is now installed and ready to be used.
 
 ### Android
 
 1. [Download the Cloudflare certificate](#download-the-cloudflare-root-certificate).
-
-2. Go to **Settings** > **Security** > **Advanced** > **Encryption & credentials** > **Install a certificate**.
-
+2. In **Settings**, go to **Security** > **Advanced** > **Encryption & credentials** > **Install a certificate**.
 3. Select **CA certificate**.
-
 4. Select **Install anyway**.
-
 5. Verify your identity.
-
 6. Choose the certificate file you want to install.
 
 The root certificate is now installed and ready to be used.
@@ -258,30 +239,28 @@ The root certificate is now installed and ready to be used.
 
 ChromeOS devices use different methods to store and deploy root certificates. Certificates may fall under the **VPN and apps** or **CA certificate** settings. Follow the procedure that corresponds with your device.
 
-<Tabs> <TabItem label="vpn and apps">
+<Tabs> <TabItem label="VPN and apps">
 
 <Render
 	file="chromeos-cert-settings"
 	params={{ one: "Install from SD card" }}
 />
 
-5. In the file open dialog, choose the `Cloudflare_CA.crt` file you downloaded and select **Open**.
-
-6. Enter a name to identify the certificate. Ensure **Credential use** is set to _VPN and apps_. Select **OK**.
+5. In the file open dialog, choose the `Cloudflare_CA.crt` file you downloaded. Select **Open**.
+6. Enter a name to identify the certificate. Ensure **Credential use** is set to _VPN and apps_.
+7. Select **OK**.
 
 </TabItem>
 
-<TabItem label="ca certificate">
+<TabItem label="CA certificate">
 
 <Render
 	file="chromeos-cert-settings"
 	params={{ one: "Install a certificate > CA certificate" }}
 />
 
 5. When prompted with a privacy warning, select **Install anyway**.
-
-6. In the file open dialog, choose the `Cloudflare_CA.crt` file you downloaded and select **Open**.
-
+6. In the file open dialog, choose the `Cloudflare_CA.crt` file you downloaded. Select **Open**.
 7. To verify the certificate is installed and trusted, go to **Settings** > **Apps** > **Google Play Store** > **Manage Android Preferences** > **Security** > **Credentials** > **Trusted credentials** > **User**.
 
 </TabItem> </Tabs>
@@ -292,10 +271,9 @@ After adding the Cloudflare certificate to ChromeOS, you may also have to [insta
 
 Some packages, development tools, and other applications provide options to trust root certificates that will allow for the traffic inspection features of Gateway to work without breaking the application.
 
-All of the applications below first require downloading the Cloudflare certificate with the instructions above. On Mac, the default path is `/Library/Keychains/System.keychain Cloudflare_CA.crt`. On Windows, the default path is `\Cert:\CurrentUser\Root`.
+All of the applications below first require downloading the Cloudflare certificate with the instructions above. On macOS, the default path to the system keychain database file is `/Library/Keychains/System.keychain`. On Windows, the default path is `\Cert:\CurrentUser\Root`.
 
 :::note
-
 Some applications require the use of a publicly trusted certificate — they do not trust the system certificate, nor do they have a configurable private store. For these applications to function, you must add a [Do Not Inspect policy](/cloudflare-one/policies/gateway/http-policies/#do-not-inspect) for the domains or IPs that the application relies on.
 :::
 
