The "does not gave feedback part" is very valid. If a certificate has wrong format it will be *silently* ignored, which is painful for the admin, because he has no clue that something went wrong. According to old Linux tradition programs are silent when the operation succeeds, but in case of an error there should be an error message. See https://bugzilla.opensuse.org/show_bug.cgi?id=936709 for an example. If I read the scripts correctly, the problem happens inside the /usr/bin/trust binary, which has no documentation.