CA Cert issue has me stumped

Barry Roberts blr at
Fri Nov 15 11:39:50 MST 2019

On Fri, Nov 15, 2019 at 11:32 AM James Simister <jsimister at> wrote:
> If you use the --cacert option, I think you need to make sure the pem file
> is a bundle of certificates, including the entire chain back to the root
> cert. There is also a --capath option where you can specify a directory of
> certificates that can be used. If using openssl, use the c_rehash command
> to reprocess the certificates if you've added or removed any in the
> directory.

I left that out of my OP, but I have a -chain.pem that (according to
firefox) has the entire chain, and I've added it in /etc/pki and tried
it directly in the --cacert.  Still no dice.

I installed c_rehash to try the --capath, but I haven't tried that
yet.  Maybe I'll try that next.

More information about the PLUG mailing list