From bbf14145e9622938b4daf55a50a4aa2184999692 Mon Sep 17 00:00:00 2001
From: joe <joe@elem.com>
Date: Wed, 29 Jan 2025 13:27:32 -0800
Subject: [PATCH 1/2] README: add manual instructions for NixOS

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 4430cc03..ef0cc310 100644
--- a/README.md
+++ b/README.md
@@ -124,6 +124,10 @@ mkcert supports the following root stores:
 
 To only install the local root CA into a subset of them, you can set the `TRUST_STORES` environment variable to a comma-separated list. Options are: "system", "java" and "nss" (includes Firefox).
 
+### Manually-supported root stores
+
+* NixOS Linux: Add to configuration.nix: `security.pki.certificateFiles = [ /home/USER/.local/share/mkcert/rootCA.pem ]; # for local development via SSL`
+
 ## Advanced topics
 
 ### Advanced options

From 3804372c1a571a37428cf5ac82efbfe9398de5a1 Mon Sep 17 00:00:00 2001
From: joe <joe@elem.com>
Date: Wed, 29 Jan 2025 13:28:27 -0800
Subject: [PATCH 2/2] README: improve instructions for Android

---
 README.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index ef0cc310..c67eddfe 100644
--- a/README.md
+++ b/README.md
@@ -171,9 +171,15 @@ mkcert filippo@example.com
 
 For the certificates to be trusted on mobile devices, you will have to install the root CA. It's the `rootCA.pem` file in the folder printed by `mkcert -CAROOT`.
 
+#### iOS
+
 On iOS, you can either use AirDrop, email the CA to yourself, or serve it from an HTTP server. After opening it, you need to [install the profile in Settings > Profile Downloaded](https://github.com/FiloSottile/mkcert/issues/233#issuecomment-690110809) and then [enable full trust in it](https://support.apple.com/en-nz/HT204477).
 
-For Android, you will have to install the CA and then enable user roots in the development build of your app. See [this StackOverflow answer](https://stackoverflow.com/a/22040887/749014).
+#### Android
+
+Save `rootCA.pem` in any folder *other than* Downloads.  Then go to "System Settings : Security & privacy : Mores security & privacy : Encryption & credentials : Install a certificate : CA certificate".  Select "Install anyway" and select `rootCA.pem`.
+
+You may also need to enable user roots in the development build of your app. See [this StackOverflow answer](https://stackoverflow.com/a/22040887/749014).
 
 ### Using the root with Node.js