I like to understand more about the /root/cacert.p12 file in a self signed CA environment. Here are the questions: 

1, could this file be located somewhere other than under /root? 

2, what operations use this file instead of nssdb? In other words, if the /root/cacert.p12 file were not in place, what operations would fail? 

Thank you in advance! 

Kathy.