I think I'm having a similar problem regarding trusted CA root certs, but not sure.
I don't need to do mutual authentication (as listed here); I basically just want to send an email address via http post to an https addr via roUrlTransfer.
I have tried using both the cacert.pem included with the SDK, as well as a pem file my client provided for me by request. The client's pem file seems legit as tested with the checker at sslshopper.com, but if I do an "openssl verify" on it I get "error 20 at 0 depth lookup:unable to get local issuer certificate" (not sure it applies).
This is the error I'm getting via the roku debug console: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086SL routinesSL3_GET_SERVER_CERTIFICATE:certificate verify failed getresponsecode -60
Finally, if I'm not doing mutual authentication, do I still need to upload the package as a private test channel in order for this to work properly?
Ah answered my own question.. was quite easy. I just viewed the certificate chain via firefox, grabbed the certificate at the top of the chain and created a pem file with it, and used called that in the brightscript code. I thought the intermediate CA certificate was good enough but it wasn't. Problem solved.