Some of the endpoints (e.g., httpbin.org) is still relying on the
Starfield Class 2 CA in the chain. Added this root certificate as
a temporary exception and shall be removed in future.
Purpose:
This will allow for easily automating periodic updates to
"cacrt_all.pem" file.
Note:
For now newly created "cacrt_local.pem" contains single "DST Root CA X3"
which we are keeping to manage compatibility with endpoints like
"howsmyssl.com". Please note this Root CA is expired and is not part of
Mozilla’s NSS root certificate store.
