From Fedora Project Wiki

Description

This test case ensures the proper installation and basic verification of the ca-certificates package which offers a set of CA certificates trusted by the system.

Setup

  1. Install a fresh version of Fedora.
  2. Install the ca-certificates package: sudo dnf install ca-certificates.

How to test

  1. Confirm the certificates are properly stored: ls /etc/pki/ca-trust/extracted/pem/.
  2. Display the contents of a sample certificate to ensure its integrity: cat /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem.
  3. Use a tool, like curl, to make a request to a secured website (e.g., https://www.google.com) to validate the system trusts commonly used certificates: curl https://www.google.com.

Expected Results

  1. The listed certificates directory should contain various .pem files representing trusted CA certificates.
  2. The displayed certificate content should look valid and not be empty or corrupted.
  3. The curl command should successfully retrieve the website content without certificate errors.

Optional

For advanced testing:

  1. Intentionally remove a certificate and test accessing a website using that certificate to ensure it fails.
  2. Test adding a custom certificate and validate trust.
  3. Test the update mechanism to ensure new certificates are added, and revoked ones are removed.