What is the use/purpose of the ca-certificates package?

Solution 1:

I'm not certain what exactly you're asking, so I think perhaps it is a two parter.

Question 1: What is a ca-certificate?

Short:

It is a digital certificate that is used to verify the identity of 3rd parties, and encrypt data between you and said 3rd party.

Long:

A certificate authority (ca), is a trusted entity (like Comodo) that issues digital documents that can be used like a digital passport. When we go to a website (like google.com), Google will send you their certificate. Our browsers do a little magic with the ca-certificate, and either verify or reject the certificate provided by Google.

It also is used to process data back and forth between you and Google, so that it is encrypted in transit. This helps stop people from watching your data move between you and Google.

It also helps you determine if someone is trying to scam you by pretending to be Google, your bank or other sites.

While not foolproof, it is by far much safer than plain text that can be read by almost anyone.

Further Reading:

• http://searchsecurity.techtarget.com/definition/certificate-authority

Question 2: What is the ca-certificates package?

Short:

A deb package that contains certificates provided by the Certificate Authorities.

Long:

All digital certificates need to be updated, replaced and changed every now and then. This package holds the updated versions of the ca-certificates that are common to everyone.

It simplifies the process of downloading certificates and importing them manually.

When you install the ca-certificates package, you also get an updater.

You can run it manually or add it to a cron job. You can find more information in the links below.

Further Reading:

• http://manpages.ubuntu.com/manpages/xenial/man8/update-ca-certificates.8.html
• https://launchpad.net/ubuntu/xenial/+package/ca-certificates
• https://launchpad.net/ubuntu/+source/ca-certificates/+changelog