diff --git a/CHANGELOG b/CHANGELOG
index 2e7864a..5bfafd1 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,4 @@
+1.10     - Use --filter=ca-anchors for all stores
 1.9      - Guard overrides on first run to avoid error message
          - Move dist files to /etc/make-ca
          - Add distribution script to update CS.txt from CCADB
diff --git a/make-ca b/make-ca
index 25d7b2c..4144e20 100644
--- a/make-ca
+++ b/make-ca
@@ -11,7 +11,7 @@
 
 shopt -s extglob;
 
-VERSION="1.9"
+VERSION="1.10"
 MAKE_CA_CONF="/etc/make-ca.conf"
 
 # Get/set defaults
@@ -940,27 +940,27 @@ rm -rf "${TEMPDIR}"
 install -dm755 "${DESTDIR}${CERTDIR}" "${DESTDIR}${BUNDLEDIR}" "${DESTDIR}${KEYSTORE}"
 echo "Extracting OpenSSL certificates to:"
 echo -n "${DESTDIR}${CERTDIR}..."
-"${TRUST}" extract --filter=certificates --format=openssl-directory \
+"${TRUST}" extract --filter=ca-anchors --format=openssl-directory \
                    --overwrite --comment "${DESTDIR}${CERTDIR}" \
                    && echo "Done!" || echo "Failed!!!"
 echo "Extracting GNUTLS server auth certificates to:"
 echo -n "${DESTDIR}${CABUNDLE}..."
-"${TRUST}" extract --filter=certificates --format=pem-bundle \
+"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
                    --purpose server-auth --overwrite --comment "${DESTDIR}${CABUNDLE}" \
                    && echo "Done!" || echo "Failed!!!"
 echo "Extracting GNUTLS S-Mime certificates to:"
 echo -n "${DESTDIR}${SMBUNDLE}..."
-"${TRUST}" extract --filter=certificates --format=pem-bundle \
+"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
                    --purpose email --overwrite --comment "${DESTDIR}${SMBUNDLE}" \
                    && echo "Done!" || echo "Failed!!!"
 echo "Extracting GNUTLS code signing certificates to:"
 echo -n "${DESTDIR}${CSBUNDLE}..."
-"${TRUST}" extract --filter=certificates --format=pem-bundle \
+"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
                    --purpose code-signing --overwrite --comment \
                    "${DESTDIR}${CSBUNDLE}" && echo "Done!" || echo "Failed!!!"
 echo "Extracting Java cacerts (JKS) to:"
 echo -n "${DESTDIR}${KEYSTORE}/cacerts..."
-"${TRUST}" extract --filter=certificates --format=java-cacerts \
+"${TRUST}" extract --filter=ca-anchors --format=java-cacerts \
                    --purpose server-auth --overwrite \
                    --comment "${DESTDIR}${KEYSTORE}/cacerts" \
                    && echo "Done!" || echo "Failed!!!"