security.pki.caCertificateBlacklist
NixOS option
A list of blacklisted CA certificate names that won’t be imported from the Mozilla Trust Store into /etc/ssl/certs/ca-certificates.crt. Use the names from that file.
type: list of stringDefault
[ ]
Example
declared in: nixos/modules/security/ca.nixView source on NixOS/nixpkgs →[ "WoSign" "WoSign China" "CA WoSign ECC Root" "Certification Authority of WoSign G2" ]