| 1234567891011121314151617181920212223242526272829303132333435363738 |
- c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- SPDX-License-Identifier: curl
- Long: cacert
- Arg: <file>
- Help: CA certificate to verify peer against
- Protocols: TLS
- Category: tls
- See-also: capath insecure
- Example: --cacert CA-file.txt $URL
- Added: 7.5
- Multi: single
- ---
- Tells curl to use the specified certificate file to verify the peer. The file
- may contain multiple CA certificates. The certificate(s) must be in PEM
- format. Normally curl is built to use a default file for this, so this option
- is typically used to alter that default file.
- curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is
- set, and uses the given path as a path to a CA cert bundle. This option
- overrides that variable.
- The windows version of curl will automatically look for a CA certs file named
- 'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the
- Current Working Directory, or in any folder along your PATH.
- If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
- (libnsspem.so) needs to be available for this option to work properly.
- (iOS and macOS only) If curl is built against Secure Transport, then this
- option is supported for backward compatibility with other SSL engines, but it
- should not be set. If the option is not set, then curl will use the
- certificates in the system and user Keychain to verify the peer, which is the
- preferred method of verifying the peer's certificate chain.
- (Schannel only) This option is supported for Schannel in Windows 7 or later
- with libcurl 7.60 or later. This option is supported for backward
- compatibility with other SSL engines; instead it is recommended to use
- Windows' store of root certificates (the default for Schannel).
|
