p11-kit tool provides a
extract-trust command which extracts trust
policy information such as certificate anchors and so on
into files for use with libraries that cannot read this trust
In order to be useful the
command needs to be customized per distribution or site. You can
find this file in at
in the p11-kit source code.
The command is implemented as a simple script which
performs the various
p11-kit extract commands
necessary to extract the information.
Using this script as a standard way to extract this information allows for consistency between distributions and ease of system administration.