\documentclass{article}
\usepackage{ulem}
\usepackage{graphicx}
\usepackage{hyperref}
\pagestyle{headings}
\begin{document}
If you want to import external data (e.g. calendars) that are stored on ssl secured servers with non standard root certificates, you'll have to install these root certificates on your local machine, so your openssl enabled client (i.e. kronolith) knows how to trust your external source. Here is an example of how to do this for CACert.org signed certificates:

cd /etc/ssl/certs<br />
curl <a href="http://www.cacert.org/certs/class3.der">http://www.cacert.org/certs/class3.der</a> >import.der<br />
openssl sha1 import.der                         \#\#\# VERIFY THE SHA1 FINGERPRINT \#\#\#<br />
openssl md5 import.der                          \#\#\# VERIFY THE MD5  FINGERPRINT \#\#\#<br />
openssl x509 -text -inform der -in import.der   \#\#\# VERIFY THE OWNER            \#\#\#<br />
openssl x509 -in import.der -inform der -out CAcert\_Class\_3\_Root\_CA.pem -outform pem<br />
rm import.der<br />
c\_rehash .<br />
update-ca-certificates

Repeat these steps with the root certificate:<br />
<a href="http://www.cacert.org/certs/root.der">http://www.cacert.org/certs/root.der</a>

Afterwards you can import your external source CACert signed certificate (using the same method) and the chain of trust is complete.

You can find the current CACert fingerprints (to verify fingerprints in the above example) on <a href="http://www.cacert.org/index.php?id=3">http://www.cacert.org/index.php?id=3</a>

These instructions are valid for most Linux distributions with standard openssl packaging and have been tested with Debian Unstable.

\end{document}