The problem:
Every time some AIR applications start, they give a prompt saying ’trying to connect to an unverified server baz.com (on port 443). Do you trust this server ?’.
Clicking ’always’ (out of 'always', 'this session' and 'never') doesn't work, and it always asks the next time anyway.
The solution:
Visit https://baz.com in your web browser, and look at the certificate information for the site (on FireFox, click to the left of the address, then press 'more information').
Find the 'issued by' name i.e. 'Equifax Secure Inc.' and fingerprint (a long hex string) (on FireFox, press 'view certificate').
Use Google to find this companies .cer file i.e. http://www.geotrust.com/resources/root-certificates/ lists http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Global_eBusiness_CA-1_DER.cer (check fingerprints to be sure it's the right one)
Convert the .cer to .pem
openssl x509 -inform der -in Equifax_Secure_Certificate_Authority_DER.cer -out MYCERT1.pem
Find the hash (this is not the same as the fingerprint) e.g. 594f1775
openssl x509 -noout -hash -in MYCERT1.pem
Move the .pem file, renaming it to match the hash plus a '.0', to .appdata/Adobe/Air/Certs
mv MYCERT1.pm ~/.appdata/Adobe/AIR/Certs/594f1775.0
It seems to then end up in /etc/ssl/certs/594f1775.0 so if the above doesn't work, try putting it there instead and let me know.
This is all for KDE3 on OpenSuSE 10.3 64bit, but should work elsewhere.