1

(21 replies, posted in wolfSSL)

That is incredibly helpful!  Thanks so much!

I have one more question.  When I test against this same server using Curl or OpenSSL, the connection is allowed, even though 1 (or more) of the certificates in the chain have expired.  I don't know enough about the SSL spec to know if this is bad behavior or not, but I'd assume not since those are both very mainstream tools.  Is there a way to get the Cyassl library to behave in the same way?

2

(21 replies, posted in wolfSSL)

The certificate chain is actually 12 certs long.  You can use openSSL to see that:

openssl s_client -showcerts -connect nucleus-connect.axeda.com:443 -CApath /etc/ssl/certs/

I'm working with Vanger on this issue.  I've gotten past the -188 error after giving the entire chain to the library.  Now I'm getting a -155.  I turned on the logging in the ssl library and have the following trace:

[HTTPClient : DBG]Connecting socket to server
[INFO] Opened TCP Socket [nucleus-connect.axeda.com:443]
[HTTPClient : DBG]SSLver=3
CyaSSL Entering CYASSL_CTX_new
CyaSSL Entering CyaSSL_CertManagerNew
CyaSSL Leaving CYASSL_CTX_new, return 0
CyaSSL Entering CyaSSL_CTX_load_verify_buffer
Processing CA PEM file
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering DecodeAltNames
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeAuthInfo
Certificate Policy extension not supported yet.
CyaSSL Entering GetAlgoId
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeAltNames
    Unsupported name type, skipping
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthKeyId
    info: OPTIONAL item 0, not available

CyaSSL Entering GetAlgoId
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
Adding a CA
CyaSSL Entering GetExplicitVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering GetAlgoId
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeAltNames
    Unsupported name type, skipping
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering GetAlgoId
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering GetAlgoId
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering GetAlgoId
    Parsed new CA
    Already have this CA, not adding again
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeBasicCaConstraint
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeAltNames
    Unsupported name type, skipping
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering GetAlgoId
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering GetAlgoId
    Parsed new CA
    Already have this CA, not adding again
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeBasicCaConstraint
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeAltNames
    Unsupported name type, skipping
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering GetAlgoId
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering GetAlgoId
    Parsed new CA
    Already have this CA, not adding again
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeAltNames
    Unsupported name type, skipping
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthKeyId
    info: OPTIONAL item 0, not available

CyaSSL Entering GetAlgoId
    Parsed new CA
    Already have this CA, not adding again
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering GetAlgoId
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
[HTTPClient : DBG]SSL connection set to verify peer if certificates available
CyaSSL Entering CyaSSL_CTX_set_verify
CyaSSL Entering SSL_new
CyaSSL Leaving SSL_new, return 0
[HTTPClient : DBG]ctx=20014e58, ssl=20010668, ssl->ctx->CBIORecv, CBIOSend=801582d, 80157e9

CyaSSL Entering SSL_connect()
growing output buffer

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
growing input buffer

received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing server hello
CyaSSL Entering VerifyClientSuite
CyaSSL Leaving DoHandShakeMsgType(), return 0
CyaSSL Leaving DoHandShakeMsg(), return 0
growing input buffer

received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing certificate
Loading peer's cert chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering GetAlgoId
About to verify certificate signature
No CA signer to verify with
Failed to verify CA from chain
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeAltNames
    Unsupported name type, skipping
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthKeyId
    info: OPTIONAL item 0, not available

CyaSSL Entering GetAlgoId
About to verify certificate signature
No CA signer to verify with
Failed to verify CA from chain
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering GetAlgoId
About to verify certificate signature
No CA signer to verify with
Failed to verify CA from chain
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeBasicCaConstraint
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeAltNames
    Unsupported name type, skipping
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering GetAlgoId
About to verify certificate signature
Rsa SSL verify error
Confirm signature failed
Failed to verify CA from chain
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering GetAlgoId
About to verify certificate signature
No CA signer to verify with
Failed to verify CA from chain
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeBasicCaConstraint
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeAltNames
    Unsupported name type, skipping
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering GetAlgoId
About to verify certificate signature
Rsa SSL verify error
Confirm signature failed
Failed to verify CA from chain
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering GetAlgoId
About to verify certificate signature
No CA signer to verify with
Failed to verify CA from chain
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering GetAlgoId
About to verify certificate signature
Rsa SSL verify error
Confirm signature failed
Failed to verify CA from chain
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering DecodeAuthInfo
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeAltNames
    Unsupported name type, skipping
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering GetAlgoId
About to verify certificate signature
Rsa SSL verify error
Confirm signature failed
Failed to verify CA from chain
CyaSSL Entering GetExplicitVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering GetAlgoId
About to verify certificate signature
Rsa SSL verify error
Confirm signature failed
Failed to verify CA from chain
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
Certificate Policy extension not supported yet.
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeAltNames
    Unsupported name type, skipping
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthKeyId
    info: OPTIONAL item 0, not available

CyaSSL Entering GetAlgoId
About to verify certificate signature
No CA signer to verify with
Failed to verify CA from chain
Verifying Peer's cert
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
Got Cert Header
CyaSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
CyaSSL Entering GetAlgoId
Got Key
Parsed Past Key
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering DecodeKeyUsage
CyaSSL Entering DecodeExtKeyUsage
CyaSSL Entering DecodeAltNames
CyaSSL Entering DecodeCrlDist
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeAuthInfo
Certificate Policy extension not supported yet.
CyaSSL Entering GetAlgoId
About to verify certificate signature
Rsa SSL verify error
Confirm signature failed
Failed to verify Peer's cert
    No callback override available, fatal
CyaSSL Leaving DoHandShakeMsgType(), return -155
CyaSSL Leaving DoHandShakeMsg(), return -155
CyaSSL error occured, error = -155
[HTTPClient : ERR]SSL_connect failed
CyaSSL Entering SSL_get_error
CyaSSL Leaving SSL_get_error, return -155
CyaSSL Entering ERR_error_string
Error code [-155] is [ASN sig error, confirm failure]
CyaSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking input buffer

CyaSSL Leaving SSL_free, return 0
CyaSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
CyaSSL Entering CyaSSL_CertManagerFree
CyaSSL Leaving SSL_CTX_free, return 0
CyaSSL Entering CyaSSL_Cleanup
[INFO] HTTPS POST failed [HTTP_CONN]

I'm curious about the "Certificate Policy extension not supported yet." line close to the end of the trace.  This seems to be caused by the function DecodeAuthInfo(), which has a comment stating "Only supporting URIs right now."  I see this function failing (with the corresponding log message) a few times in the trace, but the rest of the time it seems to be succeeding.  Can you shed some light on this?  Specifically, is this the cause of our problem or just a side effect?  Here is the cert chain we're using:

I had to remove URLs from the comments before each cert in order to post this.

vector<string> certs;

void init_certs() {
    certs.push_back(
    //0 s:/serialNumber=xyPwLKIHpSllSZfIv7-CkSqOMbb9wSCf/C=US/ST=Massachusetts/L=Foxboro/O=Axeda Corporation/OU=Axeda Hosting/CN=nucleus-connect.axeda.com
    //   i:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIFHzCCBAegAwIBAgIDAtokMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT\r\n"
    "MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEYMBYGA1UEAxMPR2VvVHJ1c3QgU1NM\r\n"
    "IENBMB4XDTE0MDQyNzA5MTY0M1oXDTE1MDQyOTIyMTc0OFowgboxKTAnBgNVBAUT\r\n"
    "IHh5UHdMS0lIcFNsbFNaZkl2Ny1Da1NxT01iYjl3U0NmMQswCQYDVQQGEwJVUzEW\r\n"
    "MBQGA1UECBMNTWFzc2FjaHVzZXR0czEQMA4GA1UEBxMHRm94Ym9ybzEaMBgGA1UE\r\n"
    "ChMRQXhlZGEgQ29ycG9yYXRpb24xFjAUBgNVBAsTDUF4ZWRhIEhvc3RpbmcxIjAg\r\n"
    "BgNVBAMTGW51Y2xldXMtY29ubmVjdC5heGVkYS5jb20wggEiMA0GCSqGSIb3DQEB\r\n"
    "AQUAA4IBDwAwggEKAoIBAQDLho01WLMt1cpK6uRumj9kcbAq4bjF7kyz6G634Xi+\r\n"
    "5KyxP9Zzrp01AS1th+WHKCmDK+hJXor76GD7QZE+mAyS+3YWAhI6TfWRaF1LdMwp\r\n"
    "qN5yefkMzlQelp1D3fo2lTkuOmfwPGp9r+1cyJjeUo/KLD9zs1wjWdd5XTZYKlGh\r\n"
    "0DN7Vxvn1BlbLGWWL+jCO+kcve5PZrdQ9SfjzKZjMac0hH4cOkx8pNmAwDAz2azn\r\n"
    "HlNXxx80a5LH05/+VY/pSRhQcItj5jdF+BgtVkjuoMWdy/v57qv9jpDE6hvHWN+p\r\n"
    "umsZ/txiesdMY6ZVjH2D6i1Qy81LM1vcbVyVPVc9XVcNAgMBAAGjggGlMIIBoTAf\r\n"
    "BgNVHSMEGDAWgBRCeVQbYc1VKz5j1TxIV/Wf+0XOSjAOBgNVHQ8BAf8EBAMCBLAw\r\n"
    "HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCQGA1UdEQQdMBuCGW51Y2xl\r\n"
    "dXMtY29ubmVjdC5heGVkYS5jb20wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2d0\r\n"
    "c3NsLWNybC5nZW90cnVzdC5jb20vY3Jscy9ndHNzbC5jcmwwHQYDVR0OBBYEFDqk\r\n"
    "jHdMa4EzPTCjuIaDaKFcAsCBMAwGA1UdEwEB/wQCMAAwbwYIKwYBBQUHAQEEYzBh\r\n"
    "MCoGCCsGAQUFBzABhh5odHRwOi8vZ3Rzc2wtb2NzcC5nZW90cnVzdC5jb20wMwYI\r\n"
    "KwYBBQUHMAKGJ2h0dHA6Ly9ndHNzbC1haWEuZ2VvdHJ1c3QuY29tL2d0c3NsLmNy\r\n"
    "dDBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggrBgEFBQcCARYlaHR0cDov\r\n"
    "L3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczANBgkqhkiG9w0BAQUFAAOC\r\n"
    "AQEAJoxPO9TMulDkR1z1w7sCrrfNRbC3/J/cHPq0DWXk/SptjFRoohqp9g0UrPm5\r\n"
    "8zhmgKuYWlhBFjHBBU35w1AFzbFjw/Yyz3oJ4CbcvwE8GskS+cNxj426oHcTPvbF\r\n"
    "I7nZ9d5X0DB7+i/Bj/ZOtiKeDsw0Xc9+OpTxo/dTlk2VmRlhEYUrXozY2XvYgZew\r\n"
    "JWOVwbclRsZrb7jNIV7Ft2TT/rWgxgE4qxwY0027cSeuZARIezYtN7DR9TKGxYZm\r\n"
    "QQDJB/eQZI/4FocqrQqu1d8n4ccLGSrF4w9+LKgf4tK6SXzdtjW9ImMwWUVzwxTd\r\n"
    "w+AV1Aq6BW6t2jbD4LZGi5QG6A==\r\n"
    "-----END CERTIFICATE-----\r\n"
    );

    certs.push_back(
    // 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at CN=VeriSign Class 3 Secure Server CA
    //   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIEnDCCBAWgAwIBAgIQdTN9mrDhIzuuLX3kRpFi1DANBgkqhkiG9w0BAQUFADBf\r\n"
    "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\r\n"
    "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\r\n"
    "HhcNMDUwMTE5MDAwMDAwWhcNMTUwMTE4MjM1OTU5WjCBsDELMAkGA1UEBhMCVVMx\r\n"
    "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\r\n"
    "dCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cu\r\n"
    "dmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMhVmVyaVNpZ24gQ2xhc3Mg\r\n"
    "MyBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\r\n"
    "AQEAlcMhEo5AxQ0BX3ZeZpTZcyxYGSK4yfx6OZAqd3J8HT732FXjr0LLhzAC3Fus\r\n"
    "cOa4RLQrNeuT0hcFfstG1lxToDJRnXRkWPkMmgDqXkRJZHL0zRDihQr5NO6ziGap\r\n"
    "paRa0A6Yf1gNK1K7hql+LvqySHyN2y1fAXWijQY7i7RhB8m+Ipn4G9G1V2YETTX0\r\n"
    "kXGWtZkIJZuXyDrzILHdnpgMSmO3ps6wAc74k2rzDG6fsemEe4GYQeaB3D0s57Rr\r\n"
    "4578CBbXs9W5ZhKZfG1xyE2+xw/j+zet1XWHIWuG0EQUWlR5OZZpVsm5Mc2JYVjh\r\n"
    "2XYFBa33uQKvp/1HkaIiNFox0QIDAQABo4IBgTCCAX0wEgYDVR0TAQH/BAgwBgEB\r\n"
    "/wIBADBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0\r\n"
    "dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwMQYDVR0fBCowKDAmoCSgIoYgaHR0\r\n"
    "cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH/BAQDAgEGMBEG\r\n"
    "CWCGSAGG+EIBAQQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRQ2xhc3Mz\r\n"
    "Q0EyMDQ4LTEtNDUwHQYDVR0OBBYEFG/sr6DdiqTv9SoQZy0/VYK81+8lMIGABgNV\r\n"
    "HSMEeTB3oWOkYTBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIElu\r\n"
    "Yy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlv\r\n"
    "biBBdXRob3JpdHmCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQEFBQADgYEA\r\n"
    "w34IRl2RNs9n3Nenr6+4IsOLBHTTsWC85v63RBKBWzFzFGNWxnIu0RoDQ1w4ClBK\r\n"
    "Tc3athmo9JkNr+P32PF1KGX2av6b9L1S2T/L2hbLpZ4ujmZSeD0m+v6UNohKlV4q\r\n"
    "TBnvbvqCPy0D79YoszcYz0KyNCFkR9MgazpM3OYDkAw=\r\n"
    "-----END CERTIFICATE-----\r\n"
    );

    certs.push_back(
    // 2 s:/C=US/ST=Massachusetts/L=Mansfield/O=Axeda Systems, Inc./CN=Axeda Systems CA/emailAddress=support@axeda.com
    //   i:/C=US/ST=Massachusetts/L=Mansfield/O=Axeda Systems, Inc./CN=Axeda Systems CA/emailAddress=support@axeda.com
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIICmTCCAgICAQAwDQYJKoZIhvcNAQEEBQAwgZQxCzAJBgNVBAYTAlVTMRYwFAYD\r\n"
    "VQQIEw1NYXNzYWNodXNldHRzMRIwEAYDVQQHEwlNYW5zZmllbGQxHDAaBgNVBAoT\r\n"
    "E0F4ZWRhIFN5c3RlbXMsIEluYy4xGTAXBgNVBAMTEEF4ZWRhIFN5c3RlbXMgQ0Ex\r\n"
    "IDAeBgkqhkiG9w0BCQEWEXN1cHBvcnRAYXhlZGEuY29tMB4XDTAzMDExMDE3MzUy\r\n"
    "N1oXDTEzMDEwNzE3MzUyN1owgZQxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNz\r\n"
    "YWNodXNldHRzMRIwEAYDVQQHEwlNYW5zZmllbGQxHDAaBgNVBAoTE0F4ZWRhIFN5\r\n"
    "c3RlbXMsIEluYy4xGTAXBgNVBAMTEEF4ZWRhIFN5c3RlbXMgQ0ExIDAeBgkqhkiG\r\n"
    "9w0BCQEWEXN1cHBvcnRAYXhlZGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\r\n"
    "iQKBgQD0VtQ82SdSI4QTwIWIXTya91GJ4IFZMwY3eXVkg3jpBwGGQFAk2yOAhITZ\r\n"
    "nQkZn5/JEifRJTvLhqq7AtFqkKG0bKza3jLFhMDh4q7nn5en1wWvMWQM8hSA7cBV\r\n"
    "DYbtsRObM8b7TiC8ZlxhN/6fZFiLyzX431Ppx2nSjyfpHK3oSQIDAQABMA0GCSqG\r\n"
    "SIb3DQEBBAUAA4GBAGav/orW9wQ7TvUiJV5IcpckJKQJrTd0M2XBu+iPwJ52+4pP\r\n"
    "SzJJ7zMdhUTEkxuWegz1L25DewZdnMBddtSK9/AcB6l7Ezqwfblr6cuLNduO9+MU\r\n"
    "29I/wb5gbC2vSppa/clLB7Cw/b7ypS+bTTIU9RbbOrtuKtyGGN3YCvXGKUgB\r\n"
    "-----END CERTIFICATE-----\r\n"
    );

    certs.push_back(
    // 3 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at CN=VeriSign Class 3 International Server CA - G3
    //   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIGKTCCBRGgAwIBAgIQZBvoIM4CCBPzLU0tldZ+ZzANBgkqhkiG9w0BAQUFADCB\r\n"
    "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\r\n"
    "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\r\n"
    "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\r\n"
    "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\r\n"
    "aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBvDEL\r\n"
    "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\r\n"
    "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\r\n"
    "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMtVmVy\r\n"
    "aVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMIIBIjAN\r\n"
    "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdacYvAV9IGaQQhZjxOdF8mfUdza\r\n"
    "sVLv/+NB3eDfxCjG4615HycQmLi7IJfBKERBD+qpqFLPTU4bi7u1xHbZzFYG7rNV\r\n"
    "ICreFY1xy1TIbxfNiQDk3P/hwB9ocenHKS5+vDv85burJlSLZpDN9pK5MSSAvJ5s\r\n"
    "1fx+0uFLjNxC+kRLX/gYtS4w9D0SmNNiBXNUppyiHb5SgzoHRsQ7AlYhv/JRT9Cm\r\n"
    "mTnprqU/iZucff5NYAclIPe712mDK4KTQzfZg0EbawurSmaET0qO3n40mY5o1so5\r\n"
    "BptMs5pITRNGtFghBMT7oE2sLktiEuP7TfbJUQABH/weaoEqOOC5T9YtRQIDAQAB\r\n"
    "o4ICFTCCAhEwEgYDVR0TAQH/BAgwBgEB/wIBADBwBgNVHSAEaTBnMGUGC2CGSAGG\r\n"
    "+EUBBxcDMFYwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9j\r\n"
    "cHMwKgYIKwYBBQUHAgIwHhocaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTAO\r\n"
    "BgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv\r\n"
    "Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDov\r\n"
    "L2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYDVR0lBC0wKwYIKwYBBQUH\r\n"
    "AwEGCCsGAQUFBwMCBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwNAYIKwYBBQUHAQEE\r\n"
    "KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wNAYDVR0f\r\n"
    "BC0wKzApoCegJYYjaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy1nNS5jcmww\r\n"
    "KAYDVR0RBCEwH6QdMBsxGTAXBgNVBAMTEFZlcmlTaWduTVBLSS0yLTcwHQYDVR0O\r\n"
    "BBYEFNebfNgioBX33a1fzimbWMO8RgC1MB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ\r\n"
    "80M5+gKvMzEzMA0GCSqGSIb3DQEBBQUAA4IBAQBxtX1zUkrd1000Ky6vlEalSVAC\r\n"
    "T/gvF3DyE9wfIYaqwk98NzzURniuXXhv0bpavBCrWDbFjGIVRWAXIeLVQqh3oVXY\r\n"
    "QwRR9m66SOZdTLdE0z6k1dYzmp8N5tdOlkSVWmzWoxZTDphDzqS4w2Z6BVxiEOgb\r\n"
    "Ett9LnZQ/9/XaxvMisxx+rNAVnwzeneUW/ULU/sOX7xo+68q7jA3eRaTJX9NEP9X\r\n"
    "+79uOzMh3nnchhdZLUNkt6Zmh+q8lkYZGoaLb9e3SQBb26O/KZru99MzrqP0nkzK\r\n"
    "XmnUG623kHdq2FlveasB+lXwiiFm5WVu/XzT3x7rfj8GkPsZC9MGAht4Q5mo\r\n"
    "-----END CERTIFICATE-----\r\n"
    );

    certs.push_back(
    // 4 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    //   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB\r\n"
    "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\r\n"
    "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\r\n"
    "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\r\n"
    "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\r\n"
    "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL\r\n"
    "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\r\n"
    "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln\r\n"
    "biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp\r\n"
    "U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y\r\n"
    "aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1\r\n"
    "nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex\r\n"
    "t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz\r\n"
    "SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG\r\n"
    "BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+\r\n"
    "rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/\r\n"
    "NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E\r\n"
    "BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH\r\n"
    "BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy\r\n"
    "aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv\r\n"
    "MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE\r\n"
    "p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y\r\n"
    "5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK\r\n"
    "WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ\r\n"
    "4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N\r\n"
    "hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq\r\n"
    "-----END CERTIFICATE-----\r\n"
    );

    certs.push_back(
    // 5 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    //   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf\r\n"
    "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\r\n"
    "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\r\n"
    "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\r\n"
    "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\r\n"
    "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\r\n"
    "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\r\n"
    "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\r\n"
    "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\r\n"
    "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\r\n"
    "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\r\n"
    "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\r\n"
    "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\r\n"
    "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\r\n"
    "AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\r\n"
    "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9\r\n"
    "BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy\r\n"
    "aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYI\r\n"
    "KwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU\r\n"
    "j+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29t\r\n"
    "L3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v\r\n"
    "b2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMC\r\n"
    "BggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUA\r\n"
    "A4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5K\r\n"
    "lCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZ\r\n"
    "tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/\r\n"
    "-----END CERTIFICATE-----\r\n"
    );

    certs.push_back(
    // 6 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at CN=VeriSign Class 3 Extended Validation SSL CA
    //   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\r\n"
    "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\r\n"
    "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\r\n"
    "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\r\n"
    "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\r\n"
    "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\r\n"
    "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\r\n"
    "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\r\n"
    "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\r\n"
    "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\r\n"
    "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\r\n"
    "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\r\n"
    "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\r\n"
    "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\r\n"
    "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\r\n"
    "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\r\n"
    "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\r\n"
    "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\r\n"
    "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\r\n"
    "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\r\n"
    "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\r\n"
    "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\r\n"
    "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\r\n"
    "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\r\n"
    "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\r\n"
    "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\r\n"
    "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\r\n"
    "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\r\n"
    "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\r\n"
    "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\r\n"
    "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\r\n"
    "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\r\n"
    "-----END CERTIFICATE-----\r\n"
    );

    certs.push_back(
    // 7 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    //   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf\r\n"
    "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\r\n"
    "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\r\n"
    "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\r\n"
    "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\r\n"
    "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\r\n"
    "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\r\n"
    "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\r\n"
    "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\r\n"
    "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\r\n"
    "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\r\n"
    "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\r\n"
    "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\r\n"
    "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\r\n"
    "AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\r\n"
    "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9\r\n"
    "BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy\r\n"
    "aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYI\r\n"
    "KwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU\r\n"
    "j+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29t\r\n"
    "L3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v\r\n"
    "b2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMC\r\n"
    "BggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUA\r\n"
    "A4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5K\r\n"
    "lCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZ\r\n"
    "tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/\r\n"
    "-----END CERTIFICATE-----\r\n"
    );

    certs.push_back(
    // 8 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at CN=VeriSign Class 3 Extended Validation SSL SGC CA
    //   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIGHjCCBQagAwIBAgIQLEjdkw31WY75PJlUemDtQzANBgkqhkiG9w0BAQUFADCB\r\n"
    "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\r\n"
    "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\r\n"
    "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\r\n"
    "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\r\n"
    "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\r\n"
    "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\r\n"
    "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\r\n"
    "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\r\n"
    "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\r\n"
    "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\r\n"
    "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\r\n"
    "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\r\n"
    "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\r\n"
    "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\r\n"
    "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\r\n"
    "AAGjggIIMIICBDAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\r\n"
    "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\r\n"
    "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\r\n"
    "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAOBgNV\r\n"
    "HQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMG0GCCsGAQUFBwEMBGEwX6Fd\r\n"
    "oFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrU\r\n"
    "SBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMCkG\r\n"
    "A1UdEQQiMCCkHjAcMRowGAYDVQQDExFDbGFzczNDQTIwNDgtMS00ODAfBgNVHSME\r\n"
    "GDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzA9BggrBgEFBQcBAQQxMC8wLQYIKwYB\r\n"
    "BQUHMAGGIWh0dHA6Ly9FVlNlY3VyZS1vY3NwLnZlcmlzaWduLmNvbTA0BgNVHSUE\r\n"
    "LTArBglghkgBhvhCBAEGCmCGSAGG+EUBCAEGCCsGAQUFBwMBBggrBgEFBQcDAjAN\r\n"
    "BgkqhkiG9w0BAQUFAAOCAQEAJ3SmNOodneFT1hydDKdbTKln8vAytwEP+0IYON7k\r\n"
    "7knIE8kL7ATDQHEYcnZDAiNdq3vISBQayHsd/PYKnzah0glzcWaWdVE0v5kwUWed\r\n"
    "VLcmRaxzCCOGJplx9I7X6jmbBgkjv2LdqMS2faSJBz7zba5AWVB5lzc9Mnh9smNL\r\n"
    "+eoIaQ4T7ejPu6wFhsoiz4hiXTwiSdhj1SSmve9c48wgOyLq/ETGqOUf4YbNDE2P\r\n"
    "k1PZf+6hCKezMJZJcG6jbD3QY+8lZmPMqrcYF07qcHb2ukKmgDcJTp9miC5rM2bI\r\n"
    "wHGkQeta4/wULkuI/a5uW2XpJ+S/5LAjwbJ9W2Il1z4Q1A==\r\n"
    "-----END CERTIFICATE-----\r\n"
    );

    certs.push_back(
    // 9 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    //   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf\r\n"
    "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\r\n"
    "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\r\n"
    "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\r\n"
    "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\r\n"
    "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\r\n"
    "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\r\n"
    "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\r\n"
    "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\r\n"
    "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\r\n"
    "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\r\n"
    "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\r\n"
    "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\r\n"
    "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\r\n"
    "AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\r\n"
    "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9\r\n"
    "BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy\r\n"
    "aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYI\r\n"
    "KwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU\r\n"
    "j+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29t\r\n"
    "L3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v\r\n"
    "b2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMC\r\n"
    "BggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUA\r\n"
    "A4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5K\r\n"
    "lCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZ\r\n"
    "tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/\r\n"
    "-----END CERTIFICATE-----\r\n"
    );

    certs.push_back(
    //10 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at CN=VeriSign Class 3 Secure Server CA
    //   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIEnDCCBAWgAwIBAgIQdTN9mrDhIzuuLX3kRpFi1DANBgkqhkiG9w0BAQUFADBf\r\n"
    "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\r\n"
    "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\r\n"
    "HhcNMDUwMTE5MDAwMDAwWhcNMTUwMTE4MjM1OTU5WjCBsDELMAkGA1UEBhMCVVMx\r\n"
    "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\r\n"
    "dCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cu\r\n"
    "dmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMhVmVyaVNpZ24gQ2xhc3Mg\r\n"
    "MyBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\r\n"
    "AQEAlcMhEo5AxQ0BX3ZeZpTZcyxYGSK4yfx6OZAqd3J8HT732FXjr0LLhzAC3Fus\r\n"
    "cOa4RLQrNeuT0hcFfstG1lxToDJRnXRkWPkMmgDqXkRJZHL0zRDihQr5NO6ziGap\r\n"
    "paRa0A6Yf1gNK1K7hql+LvqySHyN2y1fAXWijQY7i7RhB8m+Ipn4G9G1V2YETTX0\r\n"
    "kXGWtZkIJZuXyDrzILHdnpgMSmO3ps6wAc74k2rzDG6fsemEe4GYQeaB3D0s57Rr\r\n"
    "4578CBbXs9W5ZhKZfG1xyE2+xw/j+zet1XWHIWuG0EQUWlR5OZZpVsm5Mc2JYVjh\r\n"
    "2XYFBa33uQKvp/1HkaIiNFox0QIDAQABo4IBgTCCAX0wEgYDVR0TAQH/BAgwBgEB\r\n"
    "/wIBADBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0\r\n"
    "dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwMQYDVR0fBCowKDAmoCSgIoYgaHR0\r\n"
    "cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH/BAQDAgEGMBEG\r\n"
    "CWCGSAGG+EIBAQQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRQ2xhc3Mz\r\n"
    "Q0EyMDQ4LTEtNDUwHQYDVR0OBBYEFG/sr6DdiqTv9SoQZy0/VYK81+8lMIGABgNV\r\n"
    "HSMEeTB3oWOkYTBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIElu\r\n"
    "Yy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlv\r\n"
    "biBBdXRob3JpdHmCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQEFBQADgYEA\r\n"
    "w34IRl2RNs9n3Nenr6+4IsOLBHTTsWC85v63RBKBWzFzFGNWxnIu0RoDQ1w4ClBK\r\n"
    "Tc3athmo9JkNr+P32PF1KGX2av6b9L1S2T/L2hbLpZ4ujmZSeD0m+v6UNohKlV4q\r\n"
    "TBnvbvqCPy0D79YoszcYz0KyNCFkR9MgazpM3OYDkAw=\r\n"
    "-----END CERTIFICATE-----\r\n"
    );

    certs.push_back(
    //11 s:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA
    //   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIID2TCCAsGgAwIBAgIDAjbQMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT\r\n"
    "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i\r\n"
    "YWwgQ0EwHhcNMTAwMjE5MjIzOTI2WhcNMjAwMjE4MjIzOTI2WjBAMQswCQYDVQQG\r\n"
    "EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xGDAWBgNVBAMTD0dlb1RydXN0\r\n"
    "IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJCzgMHk5Uat\r\n"
    "cGA9uuUU3Z6KXot1WubKbUGlI+g5hSZ6p1V3mkihkn46HhrxJ6ujTDnMyz1Hr4Gu\r\n"
    "FmpcN+9FQf37mpc8oEOdxt8XIdGKolbCA0mEEoE+yQpUYGa5jFTk+eb5lPHgX3UR\r\n"
    "8im55IaisYmtph6DKWOy8FQchQt65+EuDa+kvc3nsVrXjAVaDktzKIt1XTTYdwvh\r\n"
    "dGLicTBi2LyKBeUxY0pUiWozeKdOVSQdl+8a5BLGDzAYtDRN4dgjOyFbLTAZJQ50\r\n"
    "96QhS6CkIMlszZhWwPKoXz4mdaAN+DaIiixafWcwqQ/RmXAueOFRJq9VeiS+jDkN\r\n"
    "d53eAsMMvR8CAwEAAaOB2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFEJ5\r\n"
    "VBthzVUrPmPVPEhX9Z/7Rc5KMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4\r\n"
    "ysxOMBIGA1UdEwEB/wQIMAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDov\r\n"
    "L2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEE\r\n"
    "KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZI\r\n"
    "hvcNAQEFBQADggEBANTvU4ToGr2hiwTAqfVfoRB4RV2yV2pOJMtlTjGXkZrUJPji\r\n"
    "J2ZwMZzBYlQG55cdOprApClICq8kx6jEmlTBfEx4TCtoLF0XplR4TEbigMMfOHES\r\n"
    "0tdT41SFULgCy+5jOvhWiU1Vuy7AyBh3hjELC3DwfjWDpCoTZFZnNF0WX3OsewYk\r\n"
    "2k9QbSqr0E1TQcKOu3EDSSmGGM8hQkx0YlEVxW+o78Qn5Rsz3VqI138S0adhJR/V\r\n"
    "4NwdzxoQ2KDLX4z6DOW/cf/lXUQdpj6HR/oaToODEj+IZpWYeZqF6wJHzSXj8gYE\r\n"
    "TpnKXKBuervdo5AaRTPvvz7SBMS24CqFZUE+ENQ=\r\n"
    "-----END CERTIFICATE-----\r\n"
    );
}

These certs are all appended and provided to the CyaSSL_CTX_load_verify_buffer().