The Mozilla CA root certificate bundle
81a090f89a
Related: RHEL-44988 original issue - FC-986 Add the --output option to update-ca-trust so that trust stores can be written to a different output directory. This is useful to prepare trust store directories that can be used in containers. Additionally, fix running update-ca-trust as non-root user (specifically, without CAP_DAC_OVERRIDE) which was previously required to create two symbolic links. Quote all uses of $DEST since a user-specified path could contain spaces. |
||
|---|---|---|
| tests | ||
| .gitignore | ||
| ca-certificates.spec | ||
| ca-legacy | ||
| ca-legacy.8.txt | ||
| ca-legacy.conf | ||
| certdata2pem.py | ||
| certdata.txt | ||
| check_certs.sh | ||
| fetch.sh | ||
| gating.yaml | ||
| nssckbi.h | ||
| README.edk2 | ||
| README.etc | ||
| README.extr | ||
| README.java | ||
| README.openssl | ||
| README.pem | ||
| README.src | ||
| README.usr | ||
| sort-blocks.py | ||
| sources | ||
| trust-fixes | ||
| update-ca-trust | ||
| update-ca-trust.8.txt | ||
This directory /usr/share/pki/ca-trust-source/ contains CA certificates and
trust settings in the PEM file format. The trust settings found here will be
interpreted with a low priority - lower than the ones found in
/etc/pki/ca-trust/source/ .
=============================================================================
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
list of CAs trusted on the system:
Copy it to the
/usr/share/pki/ca-trust-source/anchors/
subdirectory, and run the
update-ca-trust
command.
If your certificate is in the extended BEGIN TRUSTED file format,
then place it into the main source/ directory instead.
=============================================================================
Please refer to the update-ca-trust(8) manual page for additional information.