https://fixyacloud.wordpress.com/2020/01/26/ssl-certificate-location-on-unix-linux/

SSL Certificate Location on UNIX/Linux

Debian packages:

• openssl:

  Suggests: ca-certificates
  Description: Secure Sockets Layer toolkit - cryptographic utility
   This package is part of the OpenSSL project's implementation of the SSL
   and TLS cryptographic protocols for secure communication over the
   Internet.
   .
   It contains the general-purpose command line binary /usr/bin/openssl,
   useful for cryptographic operations such as:
    * creating RSA, DH, and DSA key parameters;
    * creating X.509 certificates, CSRs, and CRLs;
    * calculating message digests;
    * encrypting and decrypting with ciphers;
    * testing SSL/TLS clients and servers;
    * handling S/MIME signed or encrypted mail.

• ca-certificates:

  Depends: openssl, debconf | debconf-2.0
  Enhances: openssl
  Description: Common CA certificates
   Contains the certificate authorities shipped with Mozilla's browser to allow
   SSL-based applications to check for the authenticity of SSL connections.
   .
   Please note that Debian can neither confirm nor deny whether the
   certificate authorities whose certificates are included in this package
   have in any way been audited for trustworthiness or RFC 3647 compliance.
   Full responsibility to assess them belongs to the local system
   administrator.

• ca-certificates-java:

  Depends: ca-certificates, default-jre-headless | java8-runtime-headless, libnss3
  Description: Common CA certificates (JKS keystore)
    This package uses the hooks of the ca-certificates package to update the
    cacerts JKS keystore used for many java runtimes.

• ssl-cert:

  Depends: debconf | debconf-2.0, openssl, adduser
  Suggests: openssl-blacklist
  Description: simple debconf wrapper for OpenSSL
   This package enables unattended installs of packages that
   need to create SSL certificates.
   .
   It is a simple wrapper for OpenSSL's certificate request utility that
   feeds it with the correct user variables.