1
The Debian Package ca-certificates
1
The Debian Package “ca-certificates”
2
2
----------------------------------
4
Common CA certificates PEM files, installed in /usr/share/ca-certificates/
6
It includes the following certificates:
7
- spi-inc.org certificate
8
- db.debian.org certificate
9
- debconf.org certificate
10
- Mozilla builtin CA certificates
11
- brasil.gov.br certificate
12
- cacert.org certificate
15
/etc/ca-certificates.conf
17
# dpkg-reconfigure ca-certificates
19
update-ca-certificates will update /etc/ssl/certs
21
generate ca-certificates.crt (single-file version)
23
/etc/ssl/certs/ca-certificates.crt may be used by the web browsers
24
in Debian, such as w3m, when deciding what secure web sites to trust.
25
For w3m package, it has ssl_ca_path configuration in /etc/w3m/w3mconfig,
26
so it works without any configuration. You can specify
27
/etc/ssl/certs/ca-certificates.crt for ssl_ca_file instead.
30
How certificate will be accepted in ca-certificates package
31
-----------------------------------------------------------
33
- submit *GPG signed* bug report to ca-certificate with severity normal.
34
the bug report should include
35
- description of the CA
36
- how to obtain CA cert pem or paste it in the bug report
37
- license of the CA certificate
38
- fingerprint and/or hash value of the cert
39
- get 2 or 3 recommendation ("seconded" mail) from other people to
40
the bug report, GPG signed.
41
I won't accept if the CA is requested by only one people.
43
-- Fumitoshi UKAI <ukai@debian.or.jp>, Thu, 17 Aug 2006 13:27:55 +0900
4
This package includes PEM files of CA certificates to allow SSL-based
5
applications to check for the authenticity of SSL connections.
7
Please note that certificate authorities whose certificates are included
8
in this package are not in any way audited for trustworthiness and RFC
9
3647 compliance, and that full responsibility to assess them belongs to
10
the local system administrator.
12
The CA certificates contained in this package are installed into
13
“/usr/share/ca-certificates”.
15
The configuration file “/etc/ca-certificates.conf” is seeded with
16
trust information through Debconf. Just call “dpkg-reconfigure
17
ca-certificates” to adjust the settings.
19
“update-ca-certificates” will then update “/etc/ssl/certs” which may be
20
used by the web browsers in Debian. It will also generate the hash
21
symlinks and generate a single-file version in
22
“/etc/ssl/certs/ca-certificates.crt”.
25
How certificates will be accepted into the ca-certificates package
26
------------------------------------------------------------------
29
- File a *GPG-signed* bug report against ca-certificates with
30
*severity normal*. The bug report must include an attached
31
copy of the PEM certificates of the CA, a link to and a
32
description of the CA, the licence of the CA certificate
33
and signed fingerprint and/or hash values of the certificate.
34
- Get two or three recommendations from other people to the
35
bug report, GPG-signed (preferably from the strong set).
36
- CA certificates will not be accepted if requested by only
40
- Get it included into Mozilla's trust store.
41
- File a bug against ca-certificates stating this fact.