From 08e471f2ce4cc31adc3f0e632a850c5c693c7633 Mon Sep 17 00:00:00 2001
From: Pjotr Prins
Date: Mon, 24 Jun 2024 02:25:38 -0500
Subject: VPN: more on certificates

---
 topics/deploy/uthsc-vpn-with-free-software.gmi | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/topics/deploy/uthsc-vpn-with-free-software.gmi b/topics/deploy/uthsc-vpn-with-free-software.gmi
index 914abbc..344772c 100644
--- a/topics/deploy/uthsc-vpn-with-free-software.gmi
+++ b/topics/deploy/uthsc-vpn-with-free-software.gmi
@@ -69,10 +69,23 @@ When the certificate expires you can download the new one with:
 * Move it to /usr/local/share/ca-certificates (with .crt extension) or equivalent
 * On Debian/Ubuntu update the certificate store with update-ca-certificates
 
+You should see
+
+```
+Updating certificates in /etc/ssl/certs...
+1 added, 0 removed; done.
+```
+
 Thanks Niklas. See also
 
 => https://superuser.com/a/719047/914881
 
+On GUIX you may need to point to the updated certificates file with:
+
+```
+env REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt  openconnect-sso --server uthscvpn1.uthsc.edu --authgroup UTHSC
+```
+
 ## Acknowledgement
 
 Many thanks to Pjotr Prins and Erik Garrison without whose earlier work this guide would not be possible.
-- 
cgit v1.2.3