| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | Long: cacert |
| 2 | Arg: <CA certificate> |
| 3 | Help: CA certificate to verify peer against |
| 4 | Protocols: TLS |
| 5 | --- |
| 6 | Tells curl to use the specified certificate file to verify the peer. The file |
| 7 | may contain multiple CA certificates. The certificate(s) must be in PEM |
| 8 | format. Normally curl is built to use a default file for this, so this option |
| 9 | is typically used to alter that default file. |
| 10 | |
| 11 | curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is |
| 12 | set, and uses the given path as a path to a CA cert bundle. This option |
| 13 | overrides that variable. |
| 14 | |
| 15 | The windows version of curl will automatically look for a CA certs file named |
| 16 | \'curl-ca-bundle.crt\', either in the same directory as curl.exe, or in the |
| 17 | Current Working Directory, or in any folder along your PATH. |
| 18 | |
| 19 | If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module |
| 20 | (libnsspem.so) needs to be available for this option to work properly. |
| 21 | |
| 22 | (iOS and macOS only) If curl is built against Secure Transport, then this |
| 23 | option is supported for backward compatibility with other SSL engines, but it |
| 24 | should not be set. If the option is not set, then curl will use the |
| 25 | certificates in the system and user Keychain to verify the peer, which is the |
| 26 | preferred method of verifying the peer's certificate chain. |
| 27 | |
| 28 | If this option is used several times, the last one will be used. |