Root CA Certificate Location on Linux

PKI Tutorials - Herong's Tutorial Examples

∟Root CA Certificate Location on Linux

This section provides a quick introduction of root CA certificate location on Linux computer.

Where are root CA certificates located? - The default location of trusted root CA certificates is /etc/ssl/certs on most Linux computers. Here are some examples:

On a Ubuntu computer, root CA certificates are represented as individual symbolic links in the /etc/ssl/certs directory.

herong$ ls -l /etc/ssl/certs 

002c0b4f.0 -> GlobalSign_Root_R46.pem
02265526.0 -> Entrust_Root_Certification_Authority_-_G2.pem
062cdee6.0 -> GlobalSign_Root_CA_-_R3.pem
064e0aa9.0 -> QuoVadis_Root_CA_2_G3.pem
06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
..
vTrus_ECC_Root_CA.pem 
  -> /usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt
vTrus_Root_CA.pem 
  -> /usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt
XRamp_Global_CA_Root.pem 
  -> /usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt

On a macOS computer, root CA certificates are not stored at the default location, /etc/ssl/certs. They are stored in a single certificate bundle file, /etc/ssl/cert.pem.

herong$ ls -l /etc/ssl/certs 

herong$ ls -l /etc/ssl

-rw-r--r--  1 root  wheel  227344 Feb  9  2017 cert.pem
drwxr-xr-x  2 root  wheel      68 Feb  9  2017 certs

On a CentOS computer, the /etc/ssl/certs directory is redirected to /etc/pki/tls/certs, which holds symbolic links of 2 root CA certificate bundle files.

herong$ ls -l /etc/ssl/certs
  /etc/ssl/certs -> ../pki/tls/certs 

herong$ ls -l /etc/pki/tls/certs
  ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
  ca-bundle.trust.crt -> 
    /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt