[PLUG] question on certificate managers

[American Citizen]

Hi:

3 days ago I had to reinstall Mozilla Firefox from the openSuse 
repository, not the downloaded tar ball.

After installation, Firefox had problems with the security certificates 
and wouldn't open a single https website.

This forced me to look into how security certificates are handled, but 
what I did find out using yast to partially help, is that the crt and 
pem files are put in folders all over the place, there appears to be no 
central repository.

Is Kleopatra a good tool to reorganize the security certificates? Right 
now openSuse puts most, but not all, certificates into the 
/var/lib/ca-certificates folder with two subfolders, pem and openssl.

Is it a good idea to use this folder as the main library of security 
certificates?

In the future, I am trying to avoid Firefox from marking all the 
certificates as untrustable and having to manually go in and tell it 
that things are okay.

What is your favorite certificate manager and why?

Randall