[docs] Reorganize information on SSL certificates

The project's top-level `README.md` file contains a good deal of
information which may not be relevant to all readers. This risks
overwhelming newcomers, and it also discourages referencing the content
in more targeted contexts from the project's documentation website.

Move the information on SSL certificates from the top-level `README.md`
file to the corresponding document within the `tools/certs/` directory.
Reference the newly-expanded file from the `docs/` directory so that it
is included in the generated website (including the search engine).

Author: jugglinmike

README.md

@@ -180,76 +180,6 @@ Please make sure git and your text editor do not automatically convert
 line endings, as it will cause lint errors. For git, please set
 `git config core.autocrlf false` in your working tree.
 
-Certificates
-============
-
-By default pre-generated certificates for the web-platform.test domain
-are provided in [`tools/certs`](tools/certs). If you wish to generate new
-certificates for any reason it's possible to use OpenSSL when starting
-the server, or starting a test run, by providing the
-`--ssl-type=openssl` argument to the `wpt serve` or `wpt run`
-commands.
-
-If you installed OpenSSL in such a way that running `openssl` at a
-command line doesn't work, you also need to adjust the path to the
-OpenSSL binary. This can be done by adding a section to `config.json`
-like:
-
-```
-"ssl": {"openssl": {"binary": "/path/to/openssl"}}
-```
-
-On Windows using OpenSSL typically requires installing an OpenSSL distribution.
-[Shining Light](https://slproweb.com/products/Win32OpenSSL.html)
-provide a convenient installer that is known to work, but requires a
-little extra setup, i.e.:
-
-Run the installer for Win32_OpenSSL_v1.1.0b (30MB). During installation,
-change the default location for where to Copy OpenSSL Dlls from the
-System directory to the /bin directory.
-
-After installation, ensure that the path to OpenSSL (typically,
-this will be `C:\OpenSSL-Win32\bin`) is in your `%Path%`
-[Environment Variable](http://www.computerhope.com/issues/ch000549.htm).
-If you forget to do this part, you will most likely see a 'File Not Found'
-error when you start wptserve.
-
-Finally, set the path value in the server configuration file to the
-default OpenSSL configuration file location. To do this create a file
-called `config.json`.  Then add the OpenSSL configuration below,
-ensuring that the key `ssl/openssl/base_conf_path` has a value that is
-the path to the OpenSSL config file (typically this will be
-`C:\\OpenSSL-Win32\\bin\\openssl.cfg`):
-
-```
-{
-  "ssl": {
-    "type": "openssl",
-    "encrypt_after_connect": false,
-    "openssl": {
-      "openssl_binary": "openssl",
-      "base_path: "_certs",
-      "force_regenerate": false,
-      "base_conf_path": "C:\\OpenSSL-Win32\\bin\\openssl.cfg"
-    },
-  },
-}
-```
-
-### Trusting Root CA
-
-To prevent browser SSL warnings when running HTTPS tests locally, the
-web-platform-tests Root CA file `cacert.pem` in [tools/certs](tools/certs)
-must be added as a trusted certificate in your OS/browser.
-
-**NOTE**: The CA should not be installed in any browser profile used
-outside of tests, since it may be used to generate fake
-certificates. For browsers that use the OS certificate store, tests
-should therefore not be run manually outside a dedicated OS instance
-(e.g. a VM). To avoid this problem when running tests in Chrome or
-Firefox use `wpt run`, which disables certificate checks and therefore
-doesn't require the root CA to be trusted.
-
 Publication
 ===========
 

docs/running-tests/from-local-system.md

@@ -104,7 +104,7 @@ https://web-platform.test:8443/tools/runner/index.html *
 This server has all the capabilities of the publicly-deployed version--see
 [Running the Tests from the Web](from-web).
 
-\**See [Trusting Root CA](https://github.com/web-platform-tests/wpt/blob/master/README.md#trusting-root-ca)*
+\**See [Trusting Root CA](../tools/certs/README.md)*
 
 ## Via the command line
 

docs/running-tests/index.md

@@ -6,6 +6,7 @@
    from-web
    from-local-system
    custom-runner
+   ../tools/certs/README.md
 ```
 
 The simplest way to run the tests is via the public website. More detail on

tools/certs/README.md

@@ -1,11 +1,76 @@
-To enable https://web-platform.test:8443/, add cacert.pem to your browser as Certificate Authority.
+# WPT Test Certificates
+
+The web-platform-tests project maintains a set of SSL certificates to allow
+contributors to execute tests requiring HTTPS locally.
+
+## Trusting Root CA
+
+To prevent browser SSL warnings when running HTTPS tests locally, the
+web-platform-tests Root CA file `cacert.pem` in the `tools/certs/` directory
+must be added as a trusted certificate in your OS/browser.
 
 For Firefox, go to about:preferences and search for "certificates".
 
-For browsers that use the Certificate Authorities of the underlying OS, such as Chrome and Safari,
-you need to adjust the OS. For macOS, go to Keychain Access and add the certificate under
-**login**.
+For browsers that use the Certificate Authorities of the underlying OS, such as
+Chrome and Safari, you need to adjust the OS. For macOS, go to Keychain Access
+and add the certificate under **login**.
+
+**NOTE**: The CA should not be installed in any browser profile used
+outside of tests, since it may be used to generate fake
+certificates. For browsers that use the OS certificate store, tests
+should therefore not be run manually outside a dedicated OS instance
+(e.g. a VM). To avoid this problem when running tests in Chrome or
+Firefox use `wpt run`, which disables certificate checks and therefore
+doesn't require the root CA to be trusted.
+
+## Regenerating certificates
+
+If you wish to generate new certificates for any reason it's possible to use
+OpenSSL when starting the server, or starting a test run, by providing the
+`--ssl-type=openssl` argument to the `wpt serve` or `wpt run` commands.
+
+If you installed OpenSSL in such a way that running `openssl` at a
+command line doesn't work, you also need to adjust the path to the
+OpenSSL binary. This can be done by adding a section to `config.json`
+like:
+
+```
+"ssl": {"openssl": {"binary": "/path/to/openssl"}}
+```
+
+On Windows using OpenSSL typically requires installing an OpenSSL distribution.
+[Shining Light](https://slproweb.com/products/Win32OpenSSL.html)
+provide a convenient installer that is known to work, but requires a
+little extra setup, i.e.:
+
+Run the installer for Win32_OpenSSL_v1.1.0b (30MB). During installation,
+change the default location for where to Copy OpenSSL Dlls from the
+System directory to the /bin directory.
+
+After installation, ensure that the path to OpenSSL (typically,
+this will be `C:\OpenSSL-Win32\bin`) is in your `%Path%`
+[Environment Variable](http://www.computerhope.com/issues/ch000549.htm).
+If you forget to do this part, you will most likely see a 'File Not Found'
+error when you start wptserve.
 
-### Updating these certs
+Finally, set the path value in the server configuration file to the
+default OpenSSL configuration file location. To do this create a file
+called `config.json`.  Then add the OpenSSL configuration below,
+ensuring that the key `ssl/openssl/base_conf_path` has a value that is
+the path to the OpenSSL config file (typically this will be
+`C:\\OpenSSL-Win32\\bin\\openssl.cfg`):
 
-From the root, run `./wpt serve --config tools/certs/config.json` and terminate it after it has started up.
+```
+{
+  "ssl": {
+    "type": "openssl",
+    "encrypt_after_connect": false,
+    "openssl": {
+      "openssl_binary": "openssl",
+      "base_path: "_certs",
+      "force_regenerate": false,
+      "base_conf_path": "C:\\OpenSSL-Win32\\bin\\openssl.cfg"
+    },
+  },
+}
+```