Is there a CRL push infrastructure for Linux that can be hooked into?

Yes, certificate validation on Linux is a mess. As others have said, different applications require a root store in different formats or locations, but it is worse than that. Most fill the content of these root stores by copying Mozilla's root store and removing Mozilla-specific attributes from the roots, because applications can't read these attributes. But Mozilla has repeatedly said that using their root store while ignoring these attributes is insecure.

5 Likes
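To make the point about stripped attributes concrete, here is an added example (not code from the post above or from Mozilla) that parses a small, constructed fragment in the certdata.txt layout NSS ships, using the attribute names that file uses (CKO_NSS_TRUST objects carrying CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION and the optional CKA_NSS_SERVER_DISTRUST_AFTER date). It then compares a "dump every certificate into one bundle" view of the store with what the trust attributes actually say about TLS server authentication. The four roots and their attribute values are made up for the example; the function and variable names are the example's own.

```python
"""Compare a naive 'copy every cert' root bundle with what Mozilla's trust
attributes actually grant for TLS server authentication.

Added example; the sample certdata below is constructed, not real roots.
"""
import re
from datetime import datetime, timezone

# Constructed sample in certdata.txt layout.  Real entries also carry
# CKA_VALUE (the DER certificate as MULTILINE_OCTAL); omitted here.
SAMPLE_CERTDATA = r"""
# Certificate "Fully Trusted Root"
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Fully Trusted Root"

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Fully Trusted Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE

# Certificate "Email Only Root" (S/MIME anchor, not a TLS anchor)
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Email Only Root"

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Email Only Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE

# Certificate "Sunset Root" (TLS certs issued after 2024-01-01 distrusted)
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Sunset Root"

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Sunset Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
\062\064\060\061\060\061\060\060\060\060\060\060\132
END

# Certificate "Distrusted Root" (explicit distrust entry)
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Distrusted Root"

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Distrusted Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
"""


def _decode_octal(lines):
    """Turn MULTILINE_OCTAL lines (\\ooo escapes) into bytes."""
    return bytes(int(o, 8) for o in re.findall(r"\\([0-7]{3})", "".join(lines)))


def parse_certdata(text):
    """Split certdata text into objects (dicts); blank lines delimit objects."""
    objects, cur, lines, i = [], {}, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line.startswith("#"):
            continue
        if not line:                      # end of an object
            if cur:
                objects.append(cur)
                cur = {}
            continue
        parts = line.split(None, 2)
        attr, typ = parts[0], parts[1]
        if typ == "MULTILINE_OCTAL":      # value continues until END
            block = []
            while i < len(lines) and lines[i].strip() != "END":
                block.append(lines[i])
                i += 1
            i += 1                        # skip END
            cur[attr] = _decode_octal(block)
        elif typ == "UTF8":
            cur[attr] = parts[2].strip('"')
        else:
            cur[attr] = parts[2]
    if cur:
        objects.append(cur)
    return objects


def server_auth_anchor(trust, leaf_not_before):
    """Mozilla semantics: only CKT_NSS_TRUSTED_DELEGATOR makes a TLS anchor,
    and a distrust-after date rejects leaves issued after that date."""
    if trust.get("CKA_TRUST_SERVER_AUTH") != "CKT_NSS_TRUSTED_DELEGATOR":
        return False
    cutoff = trust.get("CKA_NSS_SERVER_DISTRUST_AFTER")
    if isinstance(cutoff, bytes):         # UTCTime "YYMMDDHHMMSSZ"
        cutoff_dt = datetime.strptime(cutoff.decode("ascii"), "%y%m%d%H%M%SZ")
        if leaf_not_before > cutoff_dt.replace(tzinfo=timezone.utc):
            return False
    return True


def naive_bundle(objects):
    """What a distro gets by dumping every CKO_CERTIFICATE into a PEM bundle."""
    return {o["CKA_LABEL"] for o in objects if o.get("CKA_CLASS") == "CKO_CERTIFICATE"}


def mozilla_server_anchors(objects, leaf_not_before):
    """Roots the trust attributes actually allow as TLS anchors for a leaf."""
    return {o["CKA_LABEL"] for o in objects
            if o.get("CKA_CLASS") == "CKO_NSS_TRUST"
            and server_auth_anchor(o, leaf_not_before)}


def over_trusted(certdata_text, leaf_not_before_iso):
    """Labels the naive bundle trusts for TLS that Mozilla would not."""
    objs = parse_certdata(certdata_text)
    when = datetime.fromisoformat(leaf_not_before_iso).replace(tzinfo=timezone.utc)
    return naive_bundle(objs) - mozilla_server_anchors(objs, when)


if __name__ == "__main__":
    for issued in ("2023-06-01", "2024-06-01"):
        print(issued, "over-trusted:", sorted(over_trusted(SAMPLE_CERTDATA, issued)))
```

The difference set is the point of the post: an email-only root, an explicitly distrusted entry and a root past its distrust-after date all end up as full TLS anchors in a bundle built by copying every certificate and dropping the trust objects.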