This section needs to be completed.
Ubuntu has an updated repository of the Certificate Authorities in what they call the System-Wide Certificate Authority Database.
Most likely any recognized CA and Intermediate certificates are already in the database.
See the section Certificate into the System-Wide Authority Database on the Ubuntu OpenSSL Help website.
Instructions here but yet to try them. This part of the instructions is not clear,
Update the CA certificate hash symlinks used by openssl. This will open a text dialog asking you to confirm the CA certificates to be marked as trusted. Out of the box, a typical modern Linux distro would have a long list of certificates which would already be marked as trusted. You have to search for the authority you just copied (it would be unmarked), mark it and select OK.
sudo dpkg-reconfigure ca-certificates
I noticed that this folder actually contains symbolic links generally to /usr/share/ca-certificates/.
I also believe the symbolic links are generated by the command sudo dpkg-reconfigure ca-certificates.
There is also an entry etc/apache2/sites-available/default-ssl that reads,
"update the hash symlinks after changes"
Why is this done this way? I do not know. I am guessing that this is for having multiple applications trust the cert store. Still need to research this more.