> - when I upgrade the OS, I get a new cert.pem -- correct?

No. It is in the "etc" file set, which is handled specially. Upgrades
are handled by sysmerge, which allows maintaining your local changes to
the file (added or removed certs).

You can fetch a clean updated file with this command:

ftp -o cert.pem 
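
Added example, not part of the original reply: one way to see which certificates were locally added to or removed from a bundle, by comparing it against a clean copy fetched as described above. The function names `pem_diff` and `demo`, the file names, and the sample bundles (placeholder base64, not real certificates) are assumptions made for illustration.

```sh
#!/bin/sh
# pem_diff LOCAL CLEAN  (hypothetical helper, not an OpenBSD tool)
# Prints "added" for blocks found only in LOCAL and "removed" for blocks
# found only in CLEAN. Blocks are compared by their base64 body with line
# wrapping removed; the label is the last non-empty text line before the block.
pem_diff() {
    awk '
    /^-----BEGIN CERTIFICATE-----/ { inblk = 1; body = ""; next }
    /^-----END CERTIFICATE-----/ {
        inblk = 0
        if (src == "local") loc[body] = label; else ref[body] = label
        label = ""
        next
    }
    inblk { gsub(/[ \t\r]/, ""); body = body $0; next }
    NF    { label = $0 }
    END {
        for (b in loc) if (!(b in ref)) print "added\t" substr(b, 1, 12) "\t" loc[b]
        for (b in ref) if (!(b in loc)) print "removed\t" substr(b, 1, 12) "\t" ref[b]
    }' src=local "$1" src=clean "$2" | sort
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample data: placeholder base64, not real certificates.
    cat > "$d/clean.pem" <<'EOF'
# Example Root A
-----BEGIN CERTIFICATE-----
QUFBQUFBQUFBQUFB
QUFBQQ==
-----END CERTIFICATE-----
# Example Root B
-----BEGIN CERTIFICATE-----
QkJCQkJCQkJCQkJC
-----END CERTIFICATE-----
EOF
    cat > "$d/local.pem" <<'EOF'
# Example Root A
-----BEGIN CERTIFICATE-----
QUFBQUFBQUFBQUFBQUFBQQ==
-----END CERTIFICATE-----
# Internal CA (constructed)
-----BEGIN CERTIFICATE-----
Q0NDQ0NDQ0NDQ0ND
-----END CERTIFICATE-----
EOF
    pem_diff "$d/local.pem" "$d/clean.pem"
    rm -rf "$d"
}
demo
```

Each output line is tab-separated: status, the first 12 characters of the block body, and the label. Root A is not reported because it differs between the two files only in line wrapping.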

