Does a standard Leap 42.3 installation from DVD -regardless of desktop environment- already include a CA certificates package for use with, say, curl or IRC clients such as Hexchat or Polari? Or must one install it apart after installation?
Checking what is installed, I see:
(that’s from searching for “certificates”)
The first of those looks as if it is always installed.
The second is something that I manually installed.
The other three are likely installed if firefox is installed.
I told Yast to “skip auto-refresh” because of the problems at “download.opensuse.org”.
And is ca-certificates package enough for using, say, Hexchat or Polari to connect to channels via TLS? Or do you need also ca-certificates-cacert package? That’s the actual question.
I’m pretty sure that you DO NOT need the “ca-certificates-cacert” package.
You only need that if you are using a cacert certificate, or connecting to something that uses a cacert certificate. I have not come across many sites that use such a certificate. I install it mostly as a gesture of support for what the cacert folk are doing.
You need to read the application documentation, for some apps you need to install them in a particular location, managed by the app.
For others or if there is no mention,
Then I’d recommend installing in a well known system location, most likely the Gnome-keyring.
It depends on the Server you’re connecting to.
Your client app needs to use a CA (certificate of authority) that is also trusted by the Server.
Again, this is probably somewhere in the documentation in this case provided by whoever set up and maintains the server.