Comment 29 for bug 1647285

Looks like Fedora substantially modified the scripts used by ca-certificates to extract untrusted and blacklisted certs. We should probably start by investigating how their package is handling this, what files they are generating, and if they are being properly handled by p11-kit-trust.