Index: new/java/com/tigervnc/rfb/CSecurityTLS.java
===================================================================
--- new.orig/java/com/tigervnc/rfb/CSecurityTLS.java	2013-04-18 11:56:22.000000000 +0200
+++ new/java/com/tigervnc/rfb/CSecurityTLS.java	2013-04-18 13:59:03.000000000 +0200
@@ -25,6 +25,7 @@
 import java.io.File;
 import java.io.InputStream;
 import java.io.FileInputStream;
+import java.io.ByteArrayInputStream;
 import java.util.ArrayList;
 import java.util.Collection;
 import javax.swing.JOptionPane;
@@ -34,6 +35,9 @@
 
 public class CSecurityTLS extends CSecurity {
 
+  public static StringParameter PVECert
+  = new StringParameter("PVECert",
+                        "Proxmox VE CA certificate", "");
   public static StringParameter x509ca
   = new StringParameter("x509ca",
                         "X509 CA certificate", "");
@@ -92,6 +96,8 @@
   {
     anon = _anon;
     setDefaults();
+
+    pvecert = PVECert.getData();
     cafile = x509ca.getData(); 
     crlfile = x509crl.getData(); 
   }
@@ -170,10 +176,15 @@
       CertificateFactory cf = CertificateFactory.getInstance("X.509");
       try {
         ks.load(null, null);
-        File cacert = new File(cafile);
-        if (!cacert.exists() || !cacert.canRead())
-          return;
-        InputStream caStream = new FileInputStream(cafile);
+        InputStream caStream;
+        if (pvecert != null) {
+            caStream = new ByteArrayInputStream(pvecert.getBytes("ISO-8859-1"));
+        } else {
+            File cacert = new File(cafile);
+            if (!cacert.exists() || !cacert.canRead())
+                return;
+            caStream = new FileInputStream(cafile);
+        }
         X509Certificate ca = (X509Certificate)cf.generateCertificate(caStream);
         ks.setCertificateEntry("CA", ca);
         PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
@@ -241,6 +252,7 @@
   private boolean anon;
   private SSLSession session;
   private String cafile, crlfile;
+  private String pvecert;
   private InStream is;
   private SSLSocket ssl;
 
Index: new/java/com/tigervnc/vncviewer/VncViewer.java
===================================================================
--- new.orig/java/com/tigervnc/vncviewer/VncViewer.java	2013-04-18 11:56:21.000000000 +0200
+++ new/java/com/tigervnc/vncviewer/VncViewer.java	2013-04-18 13:56:33.000000000 +0200
@@ -168,6 +168,11 @@
     if (firstApplet) {
       alwaysShowServerDialog.setParam(true);
       Configuration.readAppletParams(this);
+      String tmpcert = this.getParameter("PVECert");
+      if (tmpcert != null) {
+          CSecurityTLS.PVECert.setParam(tmpcert.replace('|', '\n'));
+      }
+ 
       String host = getCodeBase().getHost();
       if (vncServerName.getValue() == null && vncServerPort.getValue() != 0) {
         int port = vncServerPort.getValue();