RSA-SHA1 --> http://sprunge.us/VXEV
IIRC I couldn't use anything newer because the prod servers are too old
They're definitely too old for ECDSA; not sure about SHA2http://sprunge.us/PZWE
is one of the the host certs (signed by that CA)
certutil -d .../ -L reports ==> Cyber IT Solutions - Cyber IT Solutions CT,c,c
When I compare it to a nss3 database I created by hand, I only see "Cyber IT Solutions C,,"