CA Cert issue has me stumped
blr at robertsr.us
Fri Nov 15 11:39:50 MST 2019
On Fri, Nov 15, 2019 at 11:32 AM James Simister <jsimister at gmail.com> wrote:
> If you use the --cacert option, I think you need to make sure the pem file
> is a bundle of certificates, including the entire chain back to the root
> cert. There is also a --capath option where you can specify a directory of
> certificates that can be used. If using openssl, use the c_rehash command
> to reprocess the certificates if you've added or removed any in the
I left that out of my OP, but I have a -chain.pem that (according to
firefox) has the entire chain, and I've added it in /etc/pki and tried
it directly in the --cacert. Still no dice.
I installed c_rehash to try the --capath, but I haven't tried that
yet. Maybe I'll try that next.
More information about the PLUG