The pkcs12 had no way of getting a CA file or path to be used when

building a complete chain.  Now added through the -CAfile and -CApath
arguments.