diff --git a/errors.go b/errors.go
index 1a5fff06fe888b2f710ca0b54d25c8a89694a6d6..c50d6cc208f63d36338c5b6851fc3719cb6d7f98 100644
--- a/errors.go
+++ b/errors.go
@@ -1,3 +1,5 @@
+// Copyright (c) 2018 The truststore Authors. All rights reserved.
+
 package truststore
 
 import (
@@ -65,3 +67,10 @@ func (e *CmdError) Cmd() *exec.Cmd {
 func (e *CmdError) Out() []byte {
 	return e.out
 }
+
+func wrapError(err error, msg string) error {
+	if err == nil {
+		return nil
+	}
+	return fmt.Errorf("%s: %s", msg, err)
+}
diff --git a/truststore.go b/truststore.go
index 86f62b60735720820535ff17ff69e2f4d9d6f702..d70efcadf592a4e6e45e949d7cadbe75b937878a 100644
--- a/truststore.go
+++ b/truststore.go
@@ -6,7 +6,6 @@ import (
 	"bytes"
 	"crypto/x509"
 	"encoding/pem"
-	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
@@ -218,17 +217,6 @@ func uniqueName(cert *x509.Certificate) string {
 	return prefix + cert.SerialNumber.String()
 }
 
-func cmdError(err error, command string, out []byte) error {
-	return fmt.Errorf("failed to execute \"%s\": %s\n\n%s", command, err, out)
-}
-
-func wrapError(err error, msg string) error {
-	if err == nil {
-		return nil
-	}
-	return fmt.Errorf("%s: %s", msg, err)
-}
-
 func saveTempCert(cert *x509.Certificate) (string, func(), error) {
 	f, err := ioutil.TempFile(os.TempDir(), "truststore.*.pem")
 	if err != nil {
diff --git a/truststore_darwin.go b/truststore_darwin.go
index 9dc9ed77d060d71b54ca14d14a75f2f247b91186..ba62c8734ac676f7885867aedcd544efff7f587d 100644
--- a/truststore_darwin.go
+++ b/truststore_darwin.go
@@ -13,7 +13,6 @@ import (
 	"os/exec"
 
 	plist "github.com/DHowett/go-plist"
-	"github.com/pkg/errors"
 )
 
 var (
@@ -53,7 +52,7 @@ func installPlatform(filename string, cert *x509.Certificate) error {
 	cmd := exec.Command("sudo", "security", "add-trusted-cert", "-d", "-k", "/Library/Keychains/System.keychain", filename)
 	out, err := cmd.CombinedOutput()
 	if err != nil {
-		return cmdError(err, "security add-trusted-cert", out)
+		return NewCmdError(err, cmd, out)
 	}
 
 	// Make trustSettings explicit, as older Go does not know the defaults.
@@ -67,7 +66,7 @@ func installPlatform(filename string, cert *x509.Certificate) error {
 	cmd = exec.Command("sudo", "security", "trust-settings-export", "-d", plistFile.Name())
 	out, err = cmd.CombinedOutput()
 	if err != nil {
-		return cmdError(err, "security trust-settings-export", out)
+		return NewCmdError(err, cmd, out)
 	}
 
 	plistData, err := ioutil.ReadFile(plistFile.Name())
@@ -101,19 +100,21 @@ func installPlatform(filename string, cert *x509.Certificate) error {
 
 	plistData, err = plist.MarshalIndent(plistRoot, plist.XMLFormat, "\t")
 	if err != nil {
-		return errors.Wrap(err, "failed to serialize trust settings")
+		return wrapError(err, "failed to serialize trust settings")
 	}
 
 	err = ioutil.WriteFile(plistFile.Name(), plistData, 0600)
 	if err != nil {
-		return errors.Wrap(err, "failed to write trust settings")
+		return wrapError(err, "failed to write trust settings")
 	}
 
 	cmd = exec.Command("sudo", "security", "trust-settings-import", "-d", plistFile.Name())
 	out, err = cmd.CombinedOutput()
 	if err != nil {
-		return errors.Errorf("failed to execute \"security trust-settings-import\": %s\n\n%s", err, out)
+		return NewCmdError(err, cmd, out)
 	}
+
+	debug("certificate installed properly in macOS keychain")
 	return nil
 }
 
@@ -121,7 +122,9 @@ func uninstallPlatform(filename string, cert *x509.Certificate) error {
 	cmd := exec.Command("sudo", "security", "remove-trusted-cert", "-d", filename)
 	out, err := cmd.CombinedOutput()
 	if err != nil {
-		return errors.Errorf("failed to execute \"security remove-trusted-cert\": %s\n\n%s", err, out)
+		return NewCmdError(err, cmd, out)
 	}
+
+	debug("certificate uninstalled properly from macOS keychain")
 	return nil
 }
diff --git a/truststore_java.go b/truststore_java.go
index 444f9a32cba4ea86855ead6794e4eb6080bf4444..0a6ebd86c917f2fe0321ce96a64fdb60870e0ac8 100644
--- a/truststore_java.go
+++ b/truststore_java.go
@@ -80,6 +80,8 @@ func (t *JavaTrust) Install(filename string, cert *x509.Certificate) error {
 	if out, err := execKeytool(cmd); err != nil {
 		return NewCmdError(err, cmd, out)
 	}
+
+	debug("certificate installed properly in Java keystore")
 	return nil
 }
 
@@ -100,6 +102,8 @@ func (t *JavaTrust) Uninstall(filename string, cert *x509.Certificate) error {
 	if err != nil {
 		return NewCmdError(err, cmd, out)
 	}
+
+	debug("certificate uninstalled properly from the Java keystore")
 	return nil
 }
 
diff --git a/truststore_linux.go b/truststore_linux.go
index 8a22a999ecb4a51561527c8846d83335359ce4a1..16c511bd31a5cb9b2247a72d779758b517a5f96e 100644
--- a/truststore_linux.go
+++ b/truststore_linux.go
@@ -71,6 +71,7 @@ func installPlatform(filename string, cert *x509.Certificate) error {
 		return cmdError(err, strings.Join(SystemTrustCommand, " "), out)
 	}
 
+	debug("certificate installed properly in linux trusts")
 	return nil
 }
 
@@ -91,6 +92,7 @@ func uninstallPlatform(filename string, cert *x509.Certificate) error {
 		return cmdError(err, strings.Join(SystemTrustCommand, " "), out)
 	}
 
+	debug("certificate uninstalled properly from linux trusts")
 	return nil
 }
 
diff --git a/truststore_nss.go b/truststore_nss.go
index eed49e63362fd55711ca90826966c96d4c6cb8dd..54c89c4a77b386a8fef0911feb5d905e19a9e0df 100644
--- a/truststore_nss.go
+++ b/truststore_nss.go
@@ -95,6 +95,9 @@ func (t *NSSTrust) Uninstall(filename string, cert *x509.Certificate) (err error
 			err = NewCmdError(err1, cmd, out)
 		}
 	})
+	if err == nil {
+		debug("certificate uninstalled properly from NSS security databases")
+	}
 	return
 }
 
@@ -115,6 +118,10 @@ func (t *NSSTrust) Exists(cert *x509.Certificate) bool {
 
 // PreCheck implements the Trust interface.
 func (t *NSSTrust) PreCheck() error {
+	if t != nil {
+		return nil
+	}
+
 	if CertutilInstallHelp == "" {
 		return fmt.Errorf("Note: NSS support is not available on your platform")
 	} else {
diff --git a/truststore_windows.go b/truststore_windows.go
index 4208e390dfce5815fd452eb806a1661a05b6382d..70d8176d7bbf6fa284cdd9605acd7799d9b29a65 100644
--- a/truststore_windows.go
+++ b/truststore_windows.go
@@ -40,6 +40,7 @@ func installPlatform(filename string, cert *x509.Certificate) error {
 		return wrapError(err, "add cert failed")
 	}
 
+	debug("certificate installed properly in windows trusts")
 	return nil
 }
 
@@ -61,6 +62,7 @@ func uninstallPlatform(filename string, cert *x509.Certificate) error {
 		return ErrNotFound
 	}
 
+	debug("certificate uninstalled properly from windows trusts")
 	return nil
 }