[openssl-users] How can I set up a bundle of commercial root CA certificates? (FAQ 16)

Ben Humpert ben at an3k.de
Sun Dec 13 10:34:34 UTC 2015

2015-12-13 3:53 GMT+01:00 Viktor Dukhovni <openssl-users at dukhovni.org>:
> In other words, you can concatenate all the trusted root CA
> certs into the "cert.pem" file in that directory, but this
> has a performance cost, as all the certificates are loaded
> into memory and parse even though most go unused.  Alternatively,

The problem with concatenating certs into one file is that at least
Windows does not understand that format and just reads the first
certificate but ignores all following.

More information about the openssl-users mailing list