I recently refurbished a used and old Acer Aspire E774 laptop as a donation for the Computertruhe e.V.. Of course, this also involves overwriting the hard disk with random data so that old data can no longer be reconstructed. Because “deleted” is not the same as “securely deleted”. I used the shred tool in a Fedora Live environment for secure deletion. However, it works just as well with any other Linux distribution.
In most cases running an own CA (certification authority) is not advisable. But there are exceptions: If you want to secure internal services of your company, using your own CA might be necessary. During my employment at ADITO Software GmbH I created a tool for X.509 certificate management. The root certificate of my tool had to be imported into every PC of the company. Unfortunately there are some pitfalls which I did not expect, but after some research I figured out how to import the new CA to Linux- and Windows PCs and to every major webbrowser.