← 返回命令列表

Linux command

update-ca-certificates 命令

安全

权限或系统影响较大,执行前请核对目标。

常用示例

Update

sudo update-ca-certificates

Perform a fresh update

sudo update-ca-certificates --fresh

Update with verbose

sudo update-ca-certificates --verbose

说明

update-ca-certificates updates the directory /etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt, a concatenated single-file list of trusted certificate authorities. It is used to maintain the system-wide set of CA certificates that applications rely on for verifying TLS/SSL connections. The program reads /etc/ca-certificates.conf, where each line specifies a pathname of a CA certificate under /usr/share/ca-certificates that should be trusted. Lines beginning with # are comments and are ignored. Lines beginning with ! deselect a certificate, causing it to be deactivated. Certificates must have a .crt extension to be included. All certificates with a .crt extension found under /usr/local/share/ca-certificates are also included as implicitly trusted, making this the recommended location for adding custom CA certificates. After updating, the program executes hooks in /etc/ca-certificates/update.d via run-parts, passing lists of added (prefixed with +) and removed (prefixed with -) certificates.

参数

-h, --help
Show summary of options.
-v, --verbose
Be verbose. Display c_rehash results.
-f, --fresh
Fresh update. Remove all symlinks in /etc/ssl/certs before regenerating them.

FAQ

What is the update-ca-certificates command used for?

update-ca-certificates updates the directory /etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt, a concatenated single-file list of trusted certificate authorities. It is used to maintain the system-wide set of CA certificates that applications rely on for verifying TLS/SSL connections. The program reads /etc/ca-certificates.conf, where each line specifies a pathname of a CA certificate under /usr/share/ca-certificates that should be trusted. Lines beginning with # are comments and are ignored. Lines beginning with ! deselect a certificate, causing it to be deactivated. Certificates must have a .crt extension to be included. All certificates with a .crt extension found under /usr/local/share/ca-certificates are also included as implicitly trusted, making this the recommended location for adding custom CA certificates. After updating, the program executes hooks in /etc/ca-certificates/update.d via run-parts, passing lists of added (prefixed with +) and removed (prefixed with -) certificates.

How do I run a basic update-ca-certificates example?

Run `sudo update-ca-certificates` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -h, --help do in update-ca-certificates?

Show summary of options.