Validation is the name
--#--
You now have a pile of .der files (incidentally, DER stands for 
Distinguished Encoding Rules, a well-defined binary format for 
certificates). But which is which? What I did is grep for "RSA" to 
find the RSA certs, "Thawte" to find the Thawte certs, etc.<br>
<br>
You can also use openssl to examine each cert.<br>
<br>
<code>
openssl x509 -inform DER -in 1.cert -text
</code>
<br>
Here's a hint: The RSA Data Security, Inc., Secure Server 
Certification Authority cert that expires Jan. 7 2010 is one 
of the most prevalent on the Web. (It came out 1.cert when I 
dumped my cert7.db.) Name it RSA.der and go from there. Another 
common one is the Thawte Server CA (it came out 51.cert from my 
dump). Name it thawte.der, or whatever you choose.<br>
<br>
OK, so now we can verify that the servers we're going against have 
proper certificates and are almost certainly who they say they are.
<br>