ClarkZoneServer

Trust this device

Install the internal root certificate so this device trusts code.warp , git.warp , symphony.warp , and every other *.warp service on the mesh.

1 Download the root cert

Download caddy-warp-root.crt

Subject
CN=Caddy Local Authority - 2026 ECC Root
Issuer
self-signed
Valid
2026-05-07 → 2036-03-15
Key
ECDSA P-384

2 Verify the fingerprint

Before trusting it, confirm the SHA-256 on the device matches this exact value:

BF:83:D9:64:46:38:6E:8F:A2:93:58:E6:A4:BD:24:6F:4A:95:26:60:03:51:09:01:42:72:AB:B3:0F:BF:C1:7E

Compute on the device

macOS / Linux: 

  
    openssl x509 -in caddy-warp-root.crt -noout -fingerprint -sha256

Windows (PowerShell): 

  
    certutil -hashfile caddy-warp-root.crt SHA256

iOS / Android: the OS displays the fingerprint in the install confirmation dialog — eyeball it against the value above before tapping Install.

3 Install per platform

Windows 10 / 11
  1. Double-click the downloaded .crt .
  2. Click Install Certificate .
  3. Choose Local Machine (admin password) and Next .
  4. Pick Place all certificates in the following store , click Browse… , and select Trusted Root Certification Authorities .
  5. Next → Finish. Confirm the fingerprint when prompted.
  6. Restart Chrome / Edge.

PowerShell alternative (admin): 

  
    Import-Certificate -FilePath .\caddy-warp-root.crt `
  -CertStoreLocation Cert:\LocalMachine\Root
macOS
  1. Double-click the .crt — Keychain Access opens.
  2. Add to the System keychain (admin password).
  3. Find Caddy Local Authority in System, double-click it.
  4. Expand Trust , set When using this certificate to Always Trust , close (admin password).

Terminal alternative: 

  
    sudo security add-trusted-cert -d -r trustRoot \
  -k /Library/Keychains/System.keychain \
  caddy-warp-root.crt
iOS / iPadOS two-step — don't stop after install
  1. Open this page in Safari on the device and tap the download button above.
  2. iOS prompts "This website is trying to download a configuration profile" → Allow.
  3. Go to Settings → General → VPN & Device Management , tap the downloaded profile, then Install (twice, with passcode).
  4. Required second step: Settings → General → About → Certificate Trust Settings → toggle Caddy Local Authority to ON . Without this, SSL still fails.
Android 11+
  1. Download the .crt to the device.
  2. Settings → Security & privacy → More security & privacy → Encryption & credentials → Install a certificate → CA certificate .
  3. Acknowledge the warning, pick the file.

Requires a screen lock (PIN / pattern / biometric). Chrome on Android 7+ uses the system store, no extra step.

Linux — system trust

Covers curl , wget , and most CLIs: 

    
      sudo cp caddy-warp-root.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
Linux — Chrome / Chromium / Edge

Chrome on Linux uses NSS, not the system trust store. Also run: 

    
      sudo apt install libnss3-tools   # if needed
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," \
  -n "Caddy Local CA" -i caddy-warp-root.crt
Firefox any OS

Firefox maintains its own trust store, separate from the OS.

  1. Settings → Privacy & Security → Certificates → View Certificates → Authorities → Import .
  2. Pick the .crt .
  3. Check Trust this CA to identify websites . OK.

Per-profile — repeat for each Firefox profile.

4 Verify it worked

Open https://code.warp or https://git.warp . A green lock = done.

From a terminal: 

  
    curl -v https://code.warp/ 2>&1 | grep -iE "subject|issuer|verify"

You should see SSL certificate verify ok and an issuer of Caddy Local Authority .