UPDATE-CA-CERTIFICATES(8) System Manager's Manual UPDATE-CA-CERTIFICATES(8)
NAME
update-ca-certificates - update system CA certificates
SYNOPSIS
update-ca-certificates [options]
DESCRIPTION
update-ca-certificates updates the directory /etc/ssl/certs to hold SSL certificates and generates /etc/ssl/ca-bundle.pem, a concatenated
single-file list of certificates.
It reads the file /etc/ca-certificates.conf. Each line gives a pathname of a CA certificate under /usr/share/ca-certificates that should be
trusted. Lines that begin with "#" are comment lines and thus ignored. Lines that begin with "!" are deselected, causing the deactivation
of the CA certificate in question. All certificates are implicitly trusted if no trusted certificates are listed.
Furthermore all certificates found below /usr/local/share/ca-certificates are also included as implicitly trusted.
After populating /etc/ssl/certs update-ca-certificates invokes custom hooks in /usr/lib/ca-certificates/update.d/*.run and /etc/ca-certifi-
cates/update.d/*.run. The command line options used for invoking update-ca-certificates are passed to the hooks as well.
OPTIONS
A summary of options is included below.
-h, --help
Show summary of options.
-v, --verbose
Be verbose. Output c_rehash.
-f, --fresh
Fresh updates. Removes symlinks in /etc/ssl/certs directory and re-creates them from scratch.
FILES
/etc/ca-certificates.conf
A configuration file.
/etc/ssl/ca-bundle.pem
A single-file version of all CA certificates. Use of this file is deprecated and should only be used as last resort by applications
that cannot parse the /etc/ssl/certs directory.
/usr/share/ca-certificates
Directory of CA certificates. /usr/local/share/ca-certificates Directory of local CA certificates.
SEE ALSO
c_rehash(1),
AUTHOR
This manual page was written by Fumitoshi UKAI <ukai@debian.or.jp>, for the Debian project and modified by Ludwig Nussel <ludwig.nus-
sel@suse.de>.
27 April 2010 UPDATE-CA-CERTIFICATES(8)