Comment 6 for bug 295266

Malte S. Stretz (mss) wrote :

Hm, this is really... convoluted. Seems like KDE uses (at least) two files: A PEM-file /usr/share/kde4/apps/kssl/ca-bundle.crtplus an ini-file /usr/share/kde4/config/ksslcalist.
See also
  http://websvn.kde.org/branches/KDE/4.1/kdelibs/kio/kssl/kssl/
and
  http://www.roumenpetrov.info/domino_CA/#comment01

It *seems* like replacing the ca-bundle.crt with a symlink to /etc/ssl/certs/ca-certififcates.crt is enough to make KDE recognize the global list of root CAs (at least after a re-login Konqueror doesn't complain about CAcert anymore). So maybe the options stored in the file ksslcalist is obsolete? Got to have a look at the source. Or can anybody with more insight comment?