Fedora 27. The stuff in /etc/pki, specifically /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt I believe, from the ca-certificates-2018.2.22-1.0.fc27.noarch package. Thanks, -rt Ryan Taylor Research Computing Specialist Research Computing Services, University Systems University of Victoria ________________________________________ From: David Woodhouse <dwmw2 at infradead.org> Sent: May 10, 2018 2:37 PM To: Ryan Taylor; Nikos Mavrogiannopoulos; Daniel Lenski Cc: openconnect-devel at lists.infradead.org Subject: Re: --servercert option is insecure On Thu, 2018-05-10 at 21:28 +0000, Ryan Taylor wrote: > > (Side side note: the reason this came up in the first place is that > our certificate is not being recognized by openconnect, despite (as > far as I can tell) being signed by a CA that is included in the trust > store of the OS, and being accepted by firefox.) Which OS, and what is "the trust store of the OS"? -- dwmw2
