I recently needed to add an additional Comodo (lol)cert to Ubuntu 14.04 instances. I put the following plays in my common Ansible role that is applied to all my systems.

- name: Ensure local certs directory exists
  file: state=directory path=/usr/local/share/ca-certificates

- name: Install comodo cert
  copy: src=COMODORSAddTrustCA.crt dest=/usr/local/share/ca-certificates/COMODORSAddTrustCA.crt

- name: Update cert index
  shell: /usr/sbin/update-ca-certificates

This is the “right” way to add local CA certs, codified.