CA certificates

Does a standard Leap 42.3 installation from DVD -regardless of desktop environment- already include a CA certificates package for use with, say, curl or IRC clients such as Hexchat or Polari? Or must one install it apart after installation?

Checking what is installed, I see:

ca-certificates
ca-certificates-cacert
ca-certificates-mozilla
mozilla-nss-certs
mozilla-nss-certs-32bit

(that’s from searching for “certificates”)

The first of those looks as if it is always installed.
The second is something that I manually installed.
The other three are likely installed if firefox is installed.

I told Yast to “skip auto-refresh” because of the problems at “download.opensuse.org”.

And is ca-certificates package enough for using, say, Hexchat or Polari to connect to channels via TLS? Or do you need also ca-certificates-cacert package? That’s the actual question.

I’m pretty sure that you DO NOT need the “ca-certificates-cacert” package.

You only need that if you are using a cacert certificate, or connecting to something that uses a cacert certificate. I have not come across many sites that use such a certificate. I install it mostly as a gesture of support for what the cacert folk are doing.

In general,
You need to read the application documentation, for some apps you need to install them in a particular location, managed by the app.

For others or if there is no mention,
Then I’d recommend installing in a well known system location, most likely the Gnome-keyring.

TSU

In general,
It depends on the Server you’re connecting to.

Your client app needs to use a CA (certificate of authority) that is also trusted by the Server.
Again, this is probably somewhere in the documentation in this case provided by whoever set up and maintains the server.

TSU