ca-certificates update

Dec. 11, 2014 - Jan Alexander Steffens

The way local CA certificates are handled has changed. If you have added any locally trusted certificates:

  1. Move /usr/local/share/ca-certificates/*.crt to /etc/ca-certificates/trust-source/anchors/
  2. Do the same with all manually-added /etc/ssl/certs/*.pem files and rename them to *.crt
  3. Instead of update-ca-certificates, run trust extract-compat

Also see man 8 update-ca-trust and trust --help.