On 09/20/2012 05:55 PM, Daniel Kahn Gillmor wrote: > That said, if you *do* want to add trusted root CAs to a debian-derived > system that aren't already shipped in the ca-certificates package, you > probably don't want to tamper with the contents of > /usr/share/ca-certificates directly. That part of the filesystem is > controlled by the ca-certificates package. > > Instead, for any CA that you want to add to a system as the admin, you > only need to drop a world-readable PEM-encoded file containing the CA's > certificate into /usr/share/ca-certificates/, and then re-run > "update-ca-certificates" as the superuser. This will create links > properly under /etc/ssl/certs, and will include them in > /etc/ssl/ca-certificates.crt. >
gah -- the above is wrong in a very confusing way, apologies!
/usr/share/ca-certificates
is controlled by the ca-certificates package.
But the local system administrator has free reign over:
/usr/local/share/ca-certificates
note the "/local/", which i sloppily left out of my original next.
files in the latter directory are automatically added to the system
default list of trusted root authorities whenever update-ca-certificates
is run.
sorry for adding to the confusion,
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
