> On Dec 13, 2015, at 5:34 AM, Ben Humpert <ben at an3k.de> wrote: > > 2015-12-13 3:53 GMT+01:00 Viktor Dukhovni <openssl-users at dukhovni.org>: >> >> In other words, you can concatenate all the trusted root CA >> certs into the "cert.pem" file in that directory, but this >> has a performance cost, as all the certificates are loaded >> into memory and parse even though most go unused. Alternatively, > > > The problem with concatenating certs into one file is that at least > Windows does not understand that format and just reads the first > certificate but ignores all following. This is both wrong and irrelevant. The OP should proceed as instructed. OpenSSL's CAfile feature reads multiple certificates from a single file. -- Viktor.
