File update-ca-certificates.8 of Package ca-certificates

.\"                                      Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.\" Please adjust this date whenever revising the manpage.
.\" Some roff macros, for reference:
.\" .nh        disable hyphenation
.\" .hy        enable hyphenation
.\" .ad l      left justify
.\" .ad b      justify to both left and right margins
.\" .nf        disable filling
.\" .fi        enable filling
.\" .br        insert line break
.\" .sp <n>    insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
update-ca-certificates \- update system CA certificates
.B update-ca-certificates
.RI [ options ]
\fBupdate-ca-certificates\fP updates the directory
/etc/ssl/certs to hold SSL certificates and generates /etc/ssl/ca-bundle.pem,
a concatenated single-file list of certificates.
It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
a CA certificate under /usr/share/ca-certificates that should be trusted.
Lines that begin with "#" are comment lines and thus ignored.
Lines that begin with "!" are deselected, causing the deactivation
of the CA certificate in question. All certificates are implicitly
trusted if no trusted certificates are listed.
Furthermore all certificates found below /usr/local/share/ca-certificates
are also included as implicitly trusted.
After populating /etc/ssl/certs \fBupdate-ca-certificates\fP invokes
custom hooks in /usr/lib/ca-certificates/update.d/*.run and
/etc/ca-certificates/update.d/*.run. The command line options used
for invoking update-ca-certificates are passed to the hooks as well.
A summary of options is included below.
.B \-h, \-\-help
Show summary of options.
.B \-v, \-\-verbose
Be verbose. Output \fBc_rehash\fP.
.B \-f, \-\-fresh
Fresh updates.  Removes symlinks in /etc/ssl/certs directory and
re-creates them from scratch.
.I /etc/ca-certificates.conf
A configuration file.
.I /etc/ssl/ca-bundle.pem
A single-file version of all CA certificates. Use of this file is
deprecated and should only be used as last resort by applications
that cannot parse the /etc/ssl/certs directory.
.I /usr/share/ca-certificates
Directory of CA certificates.
.I /usr/local/share/ca-certificates
Directory of local CA certificates.
.BR c_rehash (1),
This manual page was written by Fumitoshi UKAI <>,
for the Debian project and modified by Ludwig Nussel
openSUSE Build Service is sponsored by