> But you need the updated certificate to view this website without warning

I didn’t. IIRC they did some whacky thing on their own site such that it still worked in Chromium.

Doesn't Chromium use its own CA store, or is that different on the OS X version?

Chromium uses its own HTTPS implementation but does not currently use its own CA store. If it did, adding the aforementioned certificate would not have fixed all of the “Your Connection Is Not Private” errors I was encountering previously. :)

They would presumably use both.

Sorry, I'm not sure I understand your comment. You can presume whatever you want, but I'm telling you how it works. :)

IIRC there are plans to switch Chromium to its own certificate store on all platforms, but they seem to be a ways off.

When you add a root certificate to a browser, typically it is configured to accept BOTH the added cert and the built-in/system certs. There would certainly be no reason not to in this case.

Both of which will also need a certificate store

Use the -k switch on curl to skip certificate verification.

Use a phone, or a phone call to a trusted friend, to verify the signature of the certificate.

Obviously not instructions you can give to an ordinary user, but that line was crossed at curl.