authentication – Tools to monitor and validate locally installed CA certificates

A lot of trust on computer systems rely on the CA certificates used to verify the authenticity of websites (typically HTTPS), so it is of utmost importance that these certificates are valid and not tampered with by suspect third parties

Not sure if this is the case but I find it likely that on mobile platforms, at least some certificates (at least those from the manufacturer and OEM) come pre-installed via firmware. In linux systems they can be stored in /usr/local/share/ca-certificate or /etc/ssl/certs, on Mac OS it is /System/Library/Security/Certificates.bundle/Contents/Resources/TrustStore.html, and so on. These certificates can vary from OS and from version.

I wonder if there are tools that allow to validate the certificates installed on a machine against public CA databases, and detect any potentially anomalous certificate