If you want to import external data (e.g. calendars) that are stored on ssl secured servers with non standard root certificates, you'll have to install these root certificates on your local machine, so your openssl enabled client (i.e. kronolith) knows how to trust your external source. Here is an example of how to do this for CACert.org signed certificates:

cd /etc/ssl/certs
curl http://www.cacert.org/certs/class3.der >import.der
openssl sha1 import.der                         ### VERIFY THE SHA1 FINGERPRINT ###
openssl md5 import.der                          ### VERIFY THE MD5  FINGERPRINT ###
openssl x509 -text -inform der -in import.der   ### VERIFY THE OWNER            ###
openssl x509 -in import.der -inform der -out CAcert_Class_3_Root_CA.pem -outform pem
rm import.der
c_rehash .
update-ca-certificates

Repeat these steps with the root certificate:
http://www.cacert.org/certs/root.der

Afterwards you can import your external source CACert signed certificate (using the same method) and the chain of trust is complete.

You can find the current CACert fingerprints (to verify fingerprints in the above example) on http://www.cacert.org/index.php?id=3

These instructions are valid for most Linux distributions with standard openssl packaging and have been tested with Debian Unstable.