xref: /curl/docs/cmdline-opts/cacert.md (revision f81f351b)
---
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Long: cacert
Arg: <file>
Help: CA certificate to verify peer against
Protocols: TLS
Category: tls
Added: 7.5
Multi: single
See-also:
  - capath
  - dump-ca-embed
  - insecure
Example:
  - --cacert CA-file.txt $URL
---

# `--cacert`

Use the specified certificate file to verify the peer. The file may contain
multiple CA certificates. The certificate(s) must be in PEM format. Normally
curl is built to use a default file for this, so this option is typically used
to alter that default file.

curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is set
and the TLS backend is not Schannel, and uses the given path as a path to a CA
cert bundle. This option overrides that variable.

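The shell functions below are an added example, not part of curl or its documentation. They check that a file meant for `--cacert` is a PEM bundle, count its certificates, and apply the override order described above before curl runs. `pem_cert_count`, `effective_ca_file` and `checked_curl` are hypothetical helper names, and rejecting a CA file that also contains a private key is an added hygiene assumption.

```shell
#!/bin/sh
# Added example (not from curl): pre-flight check for a --cacert file.

# Print how many complete PEM CERTIFICATE blocks file $1 holds.
# Exit status: 0 ok, 1 no PEM certificate (e.g. a DER file), 2 unreadable,
# 3 unbalanced or empty block, 4 private key present in the file.
pem_cert_count() {
    [ -r "$1" ] || return 2
    awk '
        { sub(/\r$/, "") }                          # tolerate CRLF endings
        /^-----BEGIN CERTIFICATE-----$/ { if (inblk) bad = 1; inblk = 1; body = 0; next }
        /^-----END CERTIFICATE-----$/ {
            if (!inblk || body == 0) bad = 1        # stray END or empty block
            else certs++
            inblk = 0; next
        }
        /^-----BEGIN .*PRIVATE KEY-----$/ { key = 1 }
        inblk { body++ }
        END {
            if (key) exit 4
            if (bad || inblk) exit 3                # inblk: truncated last block
            if (!certs) exit 1
            print certs
        }' "$1"
}

# Precedence stated above: an explicit --cacert value overrides
# CURL_CA_BUNDLE (non-Schannel builds). Empty output: curl's default is used.
effective_ca_file() {
    if [ -n "$1" ]; then printf '%s\n' "$1"
    elif [ -n "${CURL_CA_BUNDLE:-}" ]; then printf '%s\n' "$CURL_CA_BUNDLE"
    fi
}

# Hypothetical wrapper: run curl only when the chosen bundle passes the check.
# usage: checked_curl CA-file.txt [curl arguments...]
#        (pass '' as the first argument to fall back to CURL_CA_BUNDLE)
checked_curl() {
    ca=$(effective_ca_file "$1"); shift
    [ -n "$ca" ] || { echo "no CA file given" >&2; return 1; }
    n=$(pem_cert_count "$ca") || { echo "refusing $ca (status $?)" >&2; return 1; }
    echo "verifying peer against $n CA certificate(s) from $ca" >&2
    curl --cacert "$ca" "$@"
}
```
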
The Windows version of curl automatically looks for a CA certs file named
'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the
Current Working Directory, or in any folder along your PATH.

(iOS and macOS only) If curl is built against Secure Transport, then this
option is supported for backward compatibility with other SSL engines, but it
should not be set. If the option is not set, then curl uses the certificates
in the system and user Keychain to verify the peer, which is the preferred
method of verifying the peer's certificate chain.

(Schannel only) This option is supported for Schannel in Windows 7 or later
(added in 7.60.0). This option is supported for backward compatibility with
other SSL engines; instead it is recommended to use Windows' store of root
certificates (the default for Schannel).