-It reads /etc/ca-certificates.conf file. Each lines list pathname of
-activated CA certificates under /usr/share/ca-certificates.
-Lines that begin with "#" is comment line.
-Lines that begin with "!" is deselect, deactivation of the CA certificates.
+It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
+a CA certificate under /usr/share/ca-certificates that should be trusted.
+Lines that begin with "#" are comment lines and thus ignored.
+Lines that begin with "!" are deselected, causing the deactivation of the CA
+certificate in question.
+.PP
+Furthermore all certificates found below /usr/local/share/ca-certificates
+are also included as implicitly trusted.