1 The Debian Package “ca-certificates”
2 ----------------------------------
4 This package includes PEM files of CA certificates to allow SSL-based
5 applications to check for the authenticity of SSL connections.
7 Please note that certificate authorities whose certificates are included
8 in this package are not in any way audited for trustworthiness and RFC
9 3647 compliance, and that full responsibility to assess them belongs to
10 the local system administrator.
12 The CA certificates contained in this package are installed into
13 “/usr/share/ca-certificates”.
15 The configuration file “/etc/ca-certificates.conf” is seeded with
16 trust information through Debconf. Just call “dpkg-reconfigure
17 ca-certificates” to adjust the settings.
19 “update-ca-certificates” will then update “/etc/ssl/certs” which may be
20 used by the web browsers in Debian. It will also generate the hash
21 symlinks and generate a single-file version in
22 “/etc/ssl/certs/ca-certificates.crt”.
25 How certificates will be accepted into the ca-certificates package
26 ------------------------------------------------------------------
29 - File a *GPG-signed* bug report against ca-certificates with
30 *severity normal*. The bug report must include an attached
31 copy of the PEM certificates of the CA, a link to and a
32 description of the CA, the licence of the CA certificate
33 and signed fingerprint and/or hash values of the certificate.
34 - Get two or three recommendations from other people to the
35 bug report, GPG-signed (preferably from the strong set).
36 - CA certificates will not be accepted if requested by only
40 - Get it included into Mozilla's trust store.
41 - File a bug against ca-certificates stating this fact.