root CA certificates. David's reply jogged my memory; if i recall, i cat'ed /etc/ssl/certs/*.pem of the ubuntu box and it was so i could go get.

On Tue, Dec 3, 2013 at 9:44 AM, Jeff Sickel <jas@corpus-callosum.com> wrote:

What do people use for /sys/lib/tls/ca.pem?

I noticed that David added it as the default for Go’s
crypt/x509, but do you use a blank, self-signed template,
or an actual trusted CA chain?