cacert.d 1.7 KB

1234567891011121314151617181920212223242526272829303132333435363738
  1. c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  2. SPDX-License-Identifier: curl
  3. Long: cacert
  4. Arg: <file>
  5. Help: CA certificate to verify peer against
  6. Protocols: TLS
  7. Category: tls
  8. See-also: capath insecure
  9. Example: --cacert CA-file.txt $URL
  10. Added: 7.5
  11. Multi: single
  12. ---
  13. Tells curl to use the specified certificate file to verify the peer. The file
  14. may contain multiple CA certificates. The certificate(s) must be in PEM
  15. format. Normally curl is built to use a default file for this, so this option
  16. is typically used to alter that default file.
  17. curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is
  18. set, and uses the given path as a path to a CA cert bundle. This option
  19. overrides that variable.
  20. The windows version of curl will automatically look for a CA certs file named
  21. 'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the
  22. Current Working Directory, or in any folder along your PATH.
  23. If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
  24. (libnsspem.so) needs to be available for this option to work properly.
  25. (iOS and macOS only) If curl is built against Secure Transport, then this
  26. option is supported for backward compatibility with other SSL engines, but it
  27. should not be set. If the option is not set, then curl will use the
  28. certificates in the system and user Keychain to verify the peer, which is the
  29. preferred method of verifying the peer's certificate chain.
  30. (Schannel only) This option is supported for Schannel in Windows 7 or later
  31. with libcurl 7.60 or later. This option is supported for backward
  32. compatibility with other SSL engines; instead it is recommended to use
  33. Windows' store of root certificates (the default for Schannel).