1*6236dae4SAndroid Build Coastguard Worker--- 2*6236dae4SAndroid Build Coastguard Workerc: Copyright (C) Daniel Stenberg, <[email protected]>, et al. 3*6236dae4SAndroid Build Coastguard WorkerSPDX-License-Identifier: curl 4*6236dae4SAndroid Build Coastguard WorkerLong: cacert 5*6236dae4SAndroid Build Coastguard WorkerArg: <file> 6*6236dae4SAndroid Build Coastguard WorkerHelp: CA certificate to verify peer against 7*6236dae4SAndroid Build Coastguard WorkerProtocols: TLS 8*6236dae4SAndroid Build Coastguard WorkerCategory: tls 9*6236dae4SAndroid Build Coastguard WorkerAdded: 7.5 10*6236dae4SAndroid Build Coastguard WorkerMulti: single 11*6236dae4SAndroid Build Coastguard WorkerSee-also: 12*6236dae4SAndroid Build Coastguard Worker - capath 13*6236dae4SAndroid Build Coastguard Worker - dump-ca-embed 14*6236dae4SAndroid Build Coastguard Worker - insecure 15*6236dae4SAndroid Build Coastguard WorkerExample: 16*6236dae4SAndroid Build Coastguard Worker - --cacert CA-file.txt $URL 17*6236dae4SAndroid Build Coastguard Worker--- 18*6236dae4SAndroid Build Coastguard Worker 19*6236dae4SAndroid Build Coastguard Worker# `--cacert` 20*6236dae4SAndroid Build Coastguard Worker 21*6236dae4SAndroid Build Coastguard WorkerUse the specified certificate file to verify the peer. The file may contain 22*6236dae4SAndroid Build Coastguard Workermultiple CA certificates. The certificate(s) must be in PEM format. Normally 23*6236dae4SAndroid Build Coastguard Workercurl is built to use a default file for this, so this option is typically used 24*6236dae4SAndroid Build Coastguard Workerto alter that default file. 25*6236dae4SAndroid Build Coastguard Worker 26*6236dae4SAndroid Build Coastguard Workercurl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is set 27*6236dae4SAndroid Build Coastguard Workerand the TLS backend is not Schannel, and uses the given path as a path to a CA 28*6236dae4SAndroid Build Coastguard Workercert bundle. This option overrides that variable. 29*6236dae4SAndroid Build Coastguard Worker 30*6236dae4SAndroid Build Coastguard Worker(Windows) curl automatically looks for a CA certs file named 31*6236dae4SAndroid Build Coastguard Worker'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the 32*6236dae4SAndroid Build Coastguard WorkerCurrent Working Directory, or in any folder along your PATH. 33*6236dae4SAndroid Build Coastguard Worker 34*6236dae4SAndroid Build Coastguard Workercurl 8.11.0 added a build-time option to disable this search behavior, and 35*6236dae4SAndroid Build Coastguard Workeranother option to restrict search to the application's directory. 36*6236dae4SAndroid Build Coastguard Worker 37*6236dae4SAndroid Build Coastguard Worker(iOS and macOS only) If curl is built against Secure Transport, then this 38*6236dae4SAndroid Build Coastguard Workeroption is supported for backward compatibility with other SSL engines, but it 39*6236dae4SAndroid Build Coastguard Workershould not be set. If the option is not set, then curl uses the certificates 40*6236dae4SAndroid Build Coastguard Workerin the system and user Keychain to verify the peer, which is the preferred 41*6236dae4SAndroid Build Coastguard Workermethod of verifying the peer's certificate chain. 42*6236dae4SAndroid Build Coastguard Worker 43*6236dae4SAndroid Build Coastguard Worker(Schannel only) This option is supported for Schannel in Windows 7 or later 44*6236dae4SAndroid Build Coastguard Worker(added in 7.60.0). This option is supported for backward compatibility with 45*6236dae4SAndroid Build Coastguard Workerother SSL engines; instead it is recommended to use Windows' store of root 46*6236dae4SAndroid Build Coastguard Workercertificates (the default for Schannel). 47