Benjamin, thanks for posting that. With your explanation, plus this
hint on StackOverflow that certificate
order matters,
I got
nsssl
working for me. In one file, I put my certificate, my private key,
and then my vendor's CA cert,
in that order. Initially I had
the CA cert first, which broke things.