Linux cli command update-ca-certificates

➡ A Linux man page (short for manual page) is a form of software documentation found on Linux and Unix-like operating systems. This man-page explains the command update-ca-certificates and provides detailed information about the command update-ca-certificates, system calls, library functions, and other aspects of the system, including usage, options, and examples of _. You can access this man page by typing man followed by the update-ca-certificates.

  2 minute read  

NAME 🖥️ update-ca-certificates 🖥️

ca-certificates - update /etc/ssl/certs and ca-certificates.crt

SYNOPSIS

update-ca-certificates [options]

DESCRIPTION

This manual page documents briefly the update-ca-certificates command.

update-ca-certificates is a program that manages the collection of TLS certificates for the local machine and generates ca-certificates.crt. ca-certificates.crt is a single-file of concatenated certificates. The collection of individual certificates is stored at /etc/ssl/certs.

The program reads the configuration file /etc/ca-certificates.conf. Each line gives a pathname of a CA certificate under /usr/share/ca-certificates that should be trusted. Lines that begin with “#” are comment lines and thus ignored. Lines that begin with “!” are deselected, causing the deactivation of the CA certificate in question.

Certificates must be in PEM format and have a .crt extension in order to be included by update-ca-certificates. Furthermore, all certificates with a .crt extension found below /usr/local/share/ca-certificates are also included and implicitly trusted.

To add one or more certificates to the machine, copy the certificates in PEM format with the *.crt extension to /usr/local/share/ca-certificates. There should be one certificate per file, and not multiple certificates in a single file. Then run update-ca-certificates to merge the new certificates into the existing machine store at /etc/ssl/certs.

Before terminating, update-ca-certificates invokes run-parts on /etc/ca-certificates/update.d and calls each hook with a list of certificates: those added are prefixed with a +, those removed are prefixed with a -.

OPTIONS

A summary of options is included below.

-h, –help
Show summary of options.

-v, –verbose
Be verbose. Output openssl rehash.

-f, –fresh
Fresh updates. Remove symlinks in /etc/ssl/certs directory.

–certsconf
Change the configuration file. By default, the file /etc/ca-certificates.conf is used.

–certsdir
Change the certificate directory. By default, the directory /usr/share/ca-certificates is used.

–localcertsdir
Change the local certificate directory. By default, the directory /usr/local/share/ca-certificates is used.

–etccertsdir
Change the /etc certificate directory. By default, the directory /etc/ssl/certs is used.

FILES

/etc/ca-certificates.conf
A configuration file.

/etc/ssl/certs/ca-certificates.crt
A single-file version of CA certificates. This holds all CA certificates that were activated in /etc/ca-certificates.conf.

/usr/share/ca-certificates
Directory of CA certificates provided by the distribution.

/usr/local/share/ca-certificates
Directory of local CA certificates, with .crt extension, provided by the user.

SEE ALSO

openssl(1)

AUTHOR

This manual page was written by Fumitoshi UKAI <[email protected]>, for the Debian project (but may be used by others).

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░