This section needs to be completed.
Ubuntu has an update repository of the Certificate Authorities in what they call the System-Wide Certificate Authority Database.
Most likely any recognized CA and Intermediate certificates are already in the database and expired or new certificates.
See the section Certificate into the System-Wide Authority Database on the Ubuntu OpenSSL Help website.
I noticed that this folder actually contains symbolic links generally to /usr/share/ca-certificates/.
I also believe the symbolic links are generated by the command sudo dpkg-reconfigure ca-certificates.
There is also an entry etc/apache2/sites-available/default-ssl that reads,
"update the hash symlinks after changes"
Why is this done this way? I do not know. I am guessing that this is for having multiple applications trust the cert store. Still need to research this more.