UPDATE-CA-CERTIFICATES(8) System Manager’s Manual UPDATE-CA-CERTIFICATES(8)
update-ca-certificates – update /etc/ssl/certs and ca-certificates.crt
This manual page documents briefly the update-ca-certificates command.
update-ca-certificates is a program that updates the directory
/etc/ssl/certs to hold SSL certificates and generates ca-certifi‐
cates.crt, a concatenated single-file list of certificates.
It reads the file /etc/ca-certificates.conf. Each line gives a pathname
of a CA certificate under /usr/share/ca-certificates that should be
trusted. Lines that begin with “#” are comment lines and thus ignored.
Lines that begin with “!” are deselected, causing the deactivation of
the CA certificate in question. Certificates must have a .crt extension
in order to be included by update-ca-certificates.
Furthermore all certificates with a .crt extension found below
/usr/local/share/ca-certificates are also included as implicitly
Before terminating, update-ca-certificates invokes run-parts on
/etc/ca-certificates/update.d and calls each hook with a list of cer‐
tificates: those added are prefixed with a +, those removed are pre‐
fixed with a -.
A summary of options is included below.
Show summary of options.
Be verbose. Output c_rehash.
Fresh updates. Remove symlinks in /etc/ssl/certs directory.
A configuration file.
A single-file version of CA certificates. This holds all CA
certificates that you activated in /etc/ca-certificates.conf.
Directory of CA certificates.
Directory of local CA certificates (with .crt extension).
This manual page was written by Fumitoshi UKAI
the Debian project (but may be used by others).
20 April 2003 UPDATE-CA-CERTIFICATES(8)