Hi, > This is incorrect as the Certificate of peer is signed by previous CA > certificate, which has been deleted in step 4 above. The certificate is probably still in the cache, and therefore accepted. There is currently no way to flush the cache externally, you'll have to restart the daemon. Regards Martin