This package contains the update-ca-certificates(8) tool maintained by the Debian Project (in the ca-certificates package they distribute) to manage the set of configured trust anchors for openssl. The ca-certificates framework enables the sysadmin to configure the certificates to install, using multiple sources of CA certificates, for example to include local CAs. See update-ca-certificates(8) for details. This package also contains the certificate authorities shipped with Mozilla's browser to allow SSL-based applications to check for the authenticity of SSL connections. Please note that Debian, NetBSD, and pkgsrc can neither confirm nor deny whether the certificate authorities whose certificates are included in this package have in any way been audited for trustworthiness or RFC 3647 compliance. Full responsibility to assess them belongs to the local system administrator. See also the mozilla-rootcerts and mozilla-rootcerts-openssl packages for alternative approaches to installing CA certificates.
Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.
The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.
Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.
Problem reports, updates or suggestions for this package should be reported with send-pr.