ca-certificates/README.usr

28 lines
1.3 KiB
Plaintext
Raw Normal View History

This directory /usr/share/pki/ca-trust-source/ contains CA certificates and
trust settings in the PEM file format. The trust settings found here will be
interpreted with a low priority, lower than the ones found in
/etc/pki/ca-trust/source.
You may install additional certificates or bundles into this directory.
Each file may contain one or many certificates and trust flags in a
PEM file format, as documented in the x509(1) manual page.
Allowed formats are:
- The BEGIN/END CERTIFICATE file format.
Such certificates will be trusted for TLS server auth, only.
- The BEGIN/END TRUSTED CERTIFICATE file format.
Such certificates will be trusted or distrusted according to the
trust settings contained in the PEM format data blocks.
Applications that are able to use PKCS#11 modules can dynamically use
the merged set of certificates from
/usr/share/pki/ca-trust-source/ and /etc/pki/ca-trust/source
by loading p11-kit-trust.so
Applications that rely on a static file for a list of trusted CAs
may load one of the files found in the /etc/pki/ca-trust/extracted
directory. After modifying the set of files stored in the
/usr/share/pki/ca-trust-source/ or /etc/pki/ca-trust/source
are modified, it is required to run the ca-update-trust command,
in order to update the merged files in /etc/pki/ca-trust/extracted .