1 c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 2 SPDX-License-Identifier: curl 3 Long: cacert 4 Arg: <file> 5 Help: CA certificate to verify peer against 6 Protocols: TLS 7 Category: tls 8 See-also: capath insecure 9 Example: --cacert CA-file.txt $URL 10 Added: 7.5 11 Multi: single 12 --- 13 Tells curl to use the specified certificate file to verify the peer. The file 14 may contain multiple CA certificates. The certificate(s) must be in PEM 15 format. Normally curl is built to use a default file for this, so this option 16 is typically used to alter that default file. 17 18 curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is 19 set, and uses the given path as a path to a CA cert bundle. This option 20 overrides that variable. 21 22 The windows version of curl automatically looks for a CA certs file named 23 'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the 24 Current Working Directory, or in any folder along your PATH. 25 26 (iOS and macOS only) If curl is built against Secure Transport, then this 27 option is supported for backward compatibility with other SSL engines, but it 28 should not be set. If the option is not set, then curl uses the certificates 29 in the system and user Keychain to verify the peer, which is the preferred 30 method of verifying the peer's certificate chain. 31 32 (Schannel only) This option is supported for Schannel in Windows 7 or later 33 (added in 7.60.0). This option is supported for backward compatibility with 34 other SSL engines; instead it is recommended to use Windows' store of root 35 certificates (the default for Schannel). 36