Install local HTTPS

Trust the Furtka root CA on your device, then reach this box at https:/// with a green padlock. HTTP stays available until you enable the redirect in Settings.

Download the CA

Fingerprint (SHA-256)

Check this fingerprint matches what /settings shows before trusting it on another device. The root CA is unique to this box.

Linux (system-wide)

Arch / Fedora / RHEL:

sudo cp rootCA.crt /etc/ca-certificates/trust-source/anchors/furtka-local.crt
sudo update-ca-trust

Debian / Ubuntu:

sudo cp rootCA.crt /usr/local/share/ca-certificates/furtka-local.crt
sudo update-ca-certificates

Firefox keeps its own certificate store. After the above, open about:preferences#privacyView CertificatesAuthoritiesImport, pick rootCA.crt, tick Trust this CA to identify websites.

macOS

  1. Double-click rootCA.crt. Keychain Access opens.
  2. When prompted, add it to the System keychain.
  3. Find the Furtka entry, double-click, expand Trust, set When using this certificate to Always Trust.
  4. Close the window — you will be asked for your password.

Windows

  1. Double-click rootCA.crt.
  2. Click Install Certificate.
  3. Choose Local Machine (requires admin) and click Next.
  4. Select Place all certificates in the following storeBrowseTrusted Root Certification Authorities.
  5. Finish. Chrome and Edge pick this up immediately. Firefox keeps its own store — import the same file via Firefox settings.

Android

  1. Transfer rootCA.crt to the device (AirDrop, email, USB — whatever is handy).
  2. Settings → Security (or Security & privacy) → More security settingsEncryption & credentialsInstall a certificateCA certificate.
  3. Confirm the warning, then pick the file.

Android 11+ only trusts user-installed CAs for browsers by default. Some apps (banking, Play services) ignore them. Not a Furtka bug — an Android policy choice.

iOS & iPadOS

Honest warning: iOS needs a signed configuration profile for a properly trusted CA. What works today:

  1. Email rootCA.crt to yourself and open the attachment in Mail. iOS prompts to install a profile.
  2. Settings → GeneralVPN & Device Management → tap the Furtka profile → Install.
  3. Settings → GeneralAboutCertificate Trust Settings → toggle Furtka on.

A packaged .mobileconfig makes this smoother; it's on the roadmap but not in this release.