Linux command
update-ca-trust 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
Update CA certificate trust store
sudo update-ca-trust extract
Update trust store (short form)
sudo update-ca-trust
Check current trust configuration
update-ca-trust check
说明
update-ca-trust manages the system's CA certificate trust store on Red Hat-based distributions. It consolidates certificates from multiple sources into unified files that applications use for SSL/TLS verification. Certificates placed in the anchors directory are added to the trust store. Certificates in the blacklist directory are explicitly distrusted. Both PEM and DER formats are supported. After adding or removing certificates, run update-ca-trust extract to rebuild the consolidated trust files. Applications reading from /etc/pki/ca-trust/extracted/ will then use the updated certificates.
FAQ
What is the update-ca-trust command used for?
update-ca-trust manages the system's CA certificate trust store on Red Hat-based distributions. It consolidates certificates from multiple sources into unified files that applications use for SSL/TLS verification. Certificates placed in the anchors directory are added to the trust store. Certificates in the blacklist directory are explicitly distrusted. Both PEM and DER formats are supported. After adding or removing certificates, run update-ca-trust extract to rebuild the consolidated trust files. Applications reading from /etc/pki/ca-trust/extracted/ will then use the updated certificates.
How do I run a basic update-ca-trust example?
Run `sudo update-ca-trust extract` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
Where can I find more update-ca-trust examples?
This page includes 3 examples for update-ca-trust, plus related commands for nearby Linux tasks.