CA certificates

Does a standard Leap 42.3 installation from DVD -regardless of desktop environment- already include a CA certificates package for use with, say, curl or IRC clients such as Hexchat or Polari? Or must one install it apart after installation?

Checking what is installed, I see:


(that’s from searching for “certificates”)

The first of those looks as if it is always installed.
The second is something that I manually installed.
The other three are likely installed if firefox is installed.

I told Yast to “skip auto-refresh” because of the problems at “”.

And is ca-certificates package enough for using, say, Hexchat or Polari to connect to channels via TLS? Or do you need also ca-certificates-cacert package? That’s the actual question.

I’m pretty sure that you DO NOT need the “ca-certificates-cacert” package.

You only need that if you are using a cacert certificate, or connecting to something that uses a cacert certificate. I have not come across many sites that use such a certificate. I install it mostly as a gesture of support for what the cacert folk are doing.

In general,
You need to read the application documentation, for some apps you need to install them in a particular location, managed by the app.

For others or if there is no mention,
Then I’d recommend installing in a well known system location, most likely the Gnome-keyring.


In general,
It depends on the Server you’re connecting to.

Your client app needs to use a CA (certificate of authority) that is also trusted by the Server.
Again, this is probably somewhere in the documentation in this case provided by whoever set up and maintains the server.