Shared System Certificates followup: Packaging Guidelines?

Kai Engert kaie at
Wed Jan 8 17:56:57 UTC 2014

On Mi, 2014-01-08 at 09:16 -0800, Adam Williamson wrote: 
> > Packages, that would like to use a default list of CA certificates,
> > should be changed to use (consume) the new consolidated data that we
> > provide as part of SharedSystemCertificates.
> This could do with some specifics:
> [adamw at adam libtorrent (master)]$ rpm -ql ca-certificates | grep -c -e
> 'pem' -e 'crt'
> 11
> [adamw at adam libtorrent (master)]$ 
> which one of those 11 files, exactly, should we have packages use when?
> When I came up against this situation recently I threw a dart and
> picked /etc/pki/tls/certs/ca-bundle.crt , but I'm hardly certain.

The manual page explains which files are intended for which purpose, and
also mentions the availability of a smarter pkcs#11 module for
applications that are able to use it.

$ rpm -ql ca-certificates |grep -w man
$ man update-ca-trust


More information about the devel mailing list