Add README file with instructions for managing the certificates

Change-Id: I72266891b93c873c63f79cbb40541dac3b23bbd1

diff --git a/README b/README
new file mode 100644 (file)
index 0000000..72535f5
--- /dev/null
+++ b/README
@@ -0,0 +1,26 @@
+ca-certificates package - collection of root CA certificates
+
+Updating the certificates - manual
+----------------------------------
+
+1. Download the certificates from AOSP project
+       - clone the repository https://android.googlesource.com/platform/system/ca-certificates
+       - checkout to master branch & take the certs from its ./files/ directory
+2. Download the certificates from Mozilla
+       - visit https://wiki.mozilla.org/CA/Included_Certificates
+       - download the txt file named "PEM of Root Certificates in Mozilla's Root Store with the Websites (TLS/SSL) Trust Bit Enabled"
+       - the file contains all certs concatenated - you can split them using the parse-mozilla-certificates.py script from ./scripts/ directory
+3. Merge the certificates into one set & remove duplicates & name them properly
+       - use script merge-certs-info.py from ./scripts/ directory in this repository
+       - as one of the input directory, you can use existing ./certs/
+               - thats handy especially since theoretically, some certs can be added manually from outside of the mentioned two sources
+               - this way you'll not remove them!
+       - make sure to use NEW empty directory for output parameter
+       - pay attention to use --remove-expired flag in the script or you can leave expired ones
+       - replace contents of the ./certs/ directory with newly created set (from now no-longer-empty directory created above)
+       - the script outputs the tab-separated data about found certificates - it doesn't have to be captured (only if explicitly requested)
+
+Checking for expired ones
+-------------------------
+
+1. Use the script check-expired-certs.sh from ./scripts/ directory