Optimal path to store manually new remote site certificate

For Cisco VPN agent app remote network certificate needs to be installed manually to Manjaro.
Question arises which path will be the optimal to install certificate new to.
There is one certificate files tree in /etc/ca-certificates - which branch that tree to take?
Preferable is that kind of location multiple apps can grab for new certificate, not just VPN agent.

/usr/local/share/ca-certificates doesn’t exists this machine as of this minute.

Hi @Dyrr,

I’d say:

  • If for one user only, somewhere in their home directory; and
  • if for more than one user, the /etc directory sounds good.

But maybe that’s just my opinion.

(Per-app doesn’t really matter, according to me, because if your user can access it, the app probably will be able to as well.)

And this goes for anything, not just certificates.

Thanks. Yes, I mean one common location visible for all apps rather than per app.
How are the odds for apps Manjaro machine to see and use /usr/local/share/ca-certificates?

As of this minute I also don’t find certificates store directory in home dir which could be common for all apps. All found over there rather caching dirs or snap-apps specific.

/usr/local/share/ca-certificates seems to work well - result of short test.
Thank you for support.

AFAIK, and I’m not :100: about this, /usr shouldn’t really be used for custom things. But /usr/local/ might work.

Not :100: on this though…

Please take a look at Transport Layer Security - ArchWiki

It may provide you with the necessary information

1 Like