> I think you must be able to "openssl verify" your file without specifying the > CAfile, if you want Spice ssl checks to pass. Sorry, but how should that work? For example: # cat server.pem intermediate_certificate.pem ca.pem >mix.pem So the file contains all needed certificates, but: # openssl verify mix.pem mix.pem: ..... error 20 at 0 depth lookup:unable to get local issuer certificate Also, I pass the CA to remote-viewer. so why is it not used for verification? _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel