Description of problem:
As was discussed in bug 752414, certificates generated by certutil and openssl need to be manually reformatted to be usable with condor-aviary. Both formats (server cert first or CA cert first in serv.pem) are OK for openssl. Btw., cumin has the same problem.

When we try to verify those certificates before the manual change (aviary doesn't like them):

    # openssl verify -CAfile ./ca.pem serv.pem client.pem
    serv.pem: OK
    client.pem: OK
    [12:15:43] ecode=0
    # openssl verify -purpose sslclient -CAfile ./ca.pem serv.pem client.pem
    serv.pem: OK
    client.pem: OK
    [12:15:49] ecode=0
    # openssl verify -purpose sslserver -CAfile ./ca.pem serv.pem client.pem
    serv.pem: OK
    client.pem: OK
    [12:15:54] ecode=0
    # openssl verify -purpose any -CAfile ./ca.pem serv.pem client.pem
    serv.pem: OK
    client.pem: OK
    [12:16:02] ecode=0

and after the change (aviary likes them):

    # openssl verify -CAfile ./ca.pem serv.pem client.pem
    serv.pem: OK
    client.pem: OK
    [12:13:35] ecode=0
    # openssl verify -purpose sslclient -CAfile ./ca.pem serv.pem client.pem
    serv.pem: OK
    client.pem: OK
    [12:13:44] ecode=0
    # openssl verify -purpose sslserver -CAfile ./ca.pem serv.pem client.pem
    serv.pem: OK
    client.pem: OK
    [12:13:53] ecode=0
    # openssl verify -purpose any -CAfile ./ca.pem serv.pem client.pem
    serv.pem: OK
    client.pem: OK
    [12:14:02] ecode=0

Version-Release number of selected component (if applicable):
cumin-0.1.5098-1
condor-7.6.5-0.6
condor-aviary-7.6.5-0.6

How reproducible:
100%

Steps to Reproduce:
see bug 752414

Actual results:
Generated certificates need manual change

Expected results:
Certificates work without manual change

Additional info:
The failures without the change occur in the openssl API, not aviary.
"SSL_CTX_use_certificate_chain_file() loads a certificate chain from file into ctx. The certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA. There is no corresponding function working on a single SSL object."
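As an added example (not from the bug report, condor-aviary or cumin), the following POSIX shell functions check whether a PEM bundle such as serv.pem already follows the order SSL_CTX_use_certificate_chain_file() requires and rewrite it leaf-first when it does not, which is the manual fix the report describes. It assumes the openssl CLI is installed and that the bundle contains only certificates from a single chain; note that "openssl verify", as shown above, accepts both orders and will not detect the problem.

```shell
# Added example (not from the bug report): check and repair the certificate order in
# a PEM bundle such as serv.pem so it satisfies SSL_CTX_use_certificate_chain_file():
# leaf first, then intermediates, root last. Needs the openssl CLI.

# Print the N-th certificate block (1-based) of PEM bundle FILE.
pem_block() {
    awk -v n="$2" '/-----BEGIN CERTIFICATE-----/ {c++} c == n {print}
                   /-----END CERTIFICATE-----/ {if (c == n) exit}' "$1"
}
pem_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }
# Subject / issuer DN of one PEM certificate read from stdin, "subject="/"issuer=" prefix stripped.
cert_subject() { openssl x509 -noout -subject -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }
cert_issuer()  { openssl x509 -noout -issuer  -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }

# Return 0 if certificate i+1 issued certificate i for every i (leaf first, root last).
chain_is_ordered() {
    f=$1; n=$(pem_count "$f"); i=1
    while [ "$i" -lt "$n" ]; do
        [ "$(pem_block "$f" "$i" | cert_issuer)" = "$(pem_block "$f" $((i + 1)) | cert_subject)" ] || return 1
        i=$((i + 1))
    done
}

# Index of the leaf: the certificate that no other certificate in the bundle names as its issuer.
find_leaf() {
    f=$1; n=$(pem_count "$f"); i=1
    while [ "$i" -le "$n" ]; do
        sub=$(pem_block "$f" "$i" | cert_subject); j=1; used=0
        while [ "$j" -le "$n" ]; do
            if [ "$j" -ne "$i" ] && [ "$(pem_block "$f" "$j" | cert_issuer)" = "$sub" ]; then used=1; fi
            j=$((j + 1))
        done
        if [ "$used" -eq 0 ]; then echo "$i"; return 0; fi
        i=$((i + 1))
    done
    return 1
}

# Write FILE's certificates to stdout leaf-first, following issuer links up to a self-signed root.
reorder_chain() {
    f=$1; n=$(pem_count "$f"); cur=$(find_leaf "$f") || return 1; steps=0
    while [ -n "$cur" ] && [ "$steps" -lt "$n" ]; do
        pem_block "$f" "$cur"
        iss=$(pem_block "$f" "$cur" | cert_issuer)
        [ "$iss" != "$(pem_block "$f" "$cur" | cert_subject)" ] || break   # self-signed root reached
        next=""; j=1
        while [ "$j" -le "$n" ]; do
            if [ "$(pem_block "$f" "$j" | cert_subject)" = "$iss" ]; then next=$j; fi
            j=$((j + 1))
        done
        cur=$next; steps=$((steps + 1))   # stop when the issuer is not in the bundle
    done
}
```

Run `chain_is_ordered serv.pem || reorder_chain serv.pem > serv.ordered.pem` to produce a bundle in the order the openssl API expects.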