The Debian Package “ca-certificates”
----------------------------------

This package includes PEM files of CA certificates to allow SSL-based
applications to check for the authenticity of SSL connections.

Please note that certificate authorities whose certificates are included
in this package are not in any way audited for trustworthiness and RFC
3647 compliance, and that full responsibility to assess them belongs to
the local system administrator.

The CA certificates contained in this package are installed into
“/usr/share/ca-certificates”.

The configuration file “/etc/ca-certificates.conf” is seeded with
trust information through Debconf.  Just call “dpkg-reconfigure
ca-certificates” to adjust the settings.

“update-ca-certificates” will then update “/etc/ssl/certs” which may be
used by the web browsers in Debian.  It will also generate the hash
symlinks and generate a single-file version in
“/etc/ssl/certs/ca-certificates.crt”.


How certificates will be accepted into the ca-certificates package
------------------------------------------------------------------

 Option 1:
 - File a *GPG-signed* bug report against ca-certificates with
   *severity normal*.  The bug report must include an attached
   copy of the PEM certificates of the CA, a link to and a
   description of the CA, the licence of the CA certificate
   and signed fingerprint and/or hash values of the certificate.
 - Get two or three recommendations from other people to the
   bug report, GPG-signed (preferably from the strong set).
 - CA certificates will not be accepted if requested by only
   one person.

 Option 2:
 - Get it included into Mozilla's trust store.
 - File a bug against ca-certificates stating this fact.