1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Long: cacert 5Arg: <file> 6Help: CA certificate to verify peer against 7Protocols: TLS 8Category: tls 9Added: 7.5 10Multi: single 11See-also: 12 - capath 13 - insecure 14Example: 15 - --cacert CA-file.txt $URL 16--- 17 18# `--cacert` 19 20Tells curl to use the specified certificate file to verify the peer. The file 21may contain multiple CA certificates. The certificate(s) must be in PEM 22format. Normally curl is built to use a default file for this, so this option 23is typically used to alter that default file. 24 25curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is set 26and the TLS backend is not Schannel, and uses the given path as a path to a CA 27cert bundle. This option overrides that variable. 28 29The windows version of curl automatically looks for a CA certs file named 30'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the 31Current Working Directory, or in any folder along your PATH. 32 33(iOS and macOS only) If curl is built against Secure Transport, then this 34option is supported for backward compatibility with other SSL engines, but it 35should not be set. If the option is not set, then curl uses the certificates 36in the system and user Keychain to verify the peer, which is the preferred 37method of verifying the peer's certificate chain. 38 39(Schannel only) This option is supported for Schannel in Windows 7 or later 40(added in 7.60.0). This option is supported for backward compatibility with 41other SSL engines; instead it is recommended to use Windows' store of root 42certificates (the default for Schannel). 43