gpgkeys: HTTP fetch error 60: SSL certificate problem: Invalid certificate chain
After installing GnuPG from Homebrew, gpg was unable to connect to one of its key servers:
$ gpg --refresh-keys gpg: refreshing 47 keys from hkps://hkps.pool.sks-keyservers.net gpgkeys: HTTP fetch error 60: SSL certificate problem: Invalid certificate chain [...]The trick was to install their root certificate and mark it "trusted":
$ wget https://sks-keyservers.net/sks-keyservers.netCA.pem $ open sks-keyservers.netCA.pem => Trust alwaysNow the operation was able to complete:
$ gpg --refresh-keys [...] gpg: Total number processed: 47 gpg: unchanged: 19 gpg: new user IDs: 5 gpg: new subkeys: 4 gpg: new signatures: 1698 gpg: signatures cleaned: 2 gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 19 signed: 12 trust: 0-, 0q, 0n, 0m, 0f, 19u gpg: depth: 1 valid: 12 signed: 4 trust: 12-, 0q, 0n, 0m, 0f, 0u gpg: next trustdb check due at 2018-08-19