When I copy a new CA certificate, e.g., mycompany.crt into the directory /usr/local/share/ca-certificates, I have to do an update-ca-certificates in order to make this certificate known to the system.
My question is: Is this command always necessary or would a reboot do the same thing?
In particular, does Ubuntu pick up all certificate files in /usr/local/share/ca-certificates during booting and make them known to the system?
One use case where this is also important is when working with containers. It would be interesting to know if, e.g., a mere
docker run \
--mount type=bind,source=/usr/local/share/ca-certificates,target=/usr/local/share/ca-certificates,readonly \
my_image
would be enough, or if I need a
docker run \
--mount type=bind,source=/usr/local/share/ca-certificates,target=/usr/local/share/ca-certificates,readonly \
my_image update-ca-certificates
provided that my_image is an Ubuntu based image that has the apt package ca-certificate installed.
