# Demystifying Certificate Updates: A Visual Guide for Debian, Ubuntu, Fedora, and RHEL Systems

Ever wondered how `update-ca-certificates` on Debian/Ubuntu, and `update-ca-trust` on Fedora/RHEL-based Linux systems works?

If you take the time to read through the respective `man` pages, you will find that they already do a quite decent job at explaining the mechanisms, but who’s got time nowadays?

So, without further ado, let me present a flowchart that should give you a 90% overview for these architectures.

Please note that these diagrams reflects my current understanding and may be incomplete or outdated. No guarantee of accuracy is provided.

## Debian/Ubuntu: `update-ca-certificates`

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760714038626/7c9aa90a-2ef7-4db6-9a61-dc043f40eec8.png align="center")

Disclaimer: May be incomplete or outdated. See original article for details.

More information can be found here:

* Debian Docs: [Link](https://manpages.debian.org/testing/ca-certificates/update-ca-certificates.8.en.html)
    

## Fedora/RHEL: `update-ca-trust`

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760714156169/c4277ed3-c0f7-47f3-85a1-0a1ee8bd8e9b.png align="center")

Disclaimer: May be incomplete or outdated. See original article for details.

More information can be found here:

* Fedora Docs: [Link](https://docs.fedoraproject.org/en-US/quick-docs/using-shared-system-certificates/)
    
* Red Hat Enterprise Linux Docs: [Link](https://www.redhat.com/en/blog/configure-ca-trust-list)
    

**Disclaimer:** The diagram reflects my current understanding and may be incomplete or outdated. No guarantee of accuracy is provided.

---

Find the original drawings for you to modify [on GitHub](https://github.com/StefanRickli/linux-certificate-updates).
