On Fri, Nov 15, 2019 at 11:32 AM James Simister <[email protected]> wrote: > > If you use the --cacert option, I think you need to make sure the pem file > is a bundle of certificates, including the entire chain back to the root > cert. There is also a --capath option where you can specify a directory of > certificates that can be used. If using openssl, use the c_rehash command > to reprocess the certificates if you've added or removed any in the > directory. >
I left that out of my OP, but I have a -chain.pem that (according to firefox) has the entire chain, and I've added it in /etc/pki and tried it directly in the --cacert. Still no dice. I installed c_rehash to try the --capath, but I haven't tried that yet. Maybe I'll try that next. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
