Linux and Domino comes with a good set of public trusted certs.
But in corporate environment you often have to add your own trusted root for a corporate CA.
This starts with Linux which needs certificates to validate repository servers and other resources.
Domino trusted roots
But also within Domino there are are trust stores which need might need central management.
Domino Directory Trusted roots, certstore.nsf Trusted roots can be easily centrally updated.
But the following two trust stores are more difficult to manage:
/local/notesdata/cacert.pem used for HTTP Requests in Lotus Script and other backend code using curl
Domino JVM trust store used by Java
This is a companion discussion topic for the original entry at https://blog.nashcom.de/nashcomblog.nsf/dx/adding-trusted-roots-to-domino-containers.htm