client# cat /tmp/server.crt >> /etc/ssl/certs.pem
BTW it's /etc/ssl/cert.pem not /etc/ssl/certs.pem
Not the cert of the server but, like he said, the CACert.pemThe certificate is self-signed. Sorry, I should have mentioned that.
Especially since you started by saying "A private CA has issued server certs to mail.example.org." :-) You could just create your own CA...
Just go with free "ACME certificate".)Not possible.
...or do not have control over mail.example.org?