lib/ssl-peer-ca-cert.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

<?xml version="1.0" encoding="utf-8"?>
<dl>
  <dt><code>--peer-ca-cert=</code><var>peer-cacert.pem</var></dt>
  <dd>
    <p>
      Specifies a PEM file that contains one or more additional certificates
      to send to SSL peers.  <var>peer-cacert.pem</var> should be the CA
      certificate used to sign the program's own certificate, that is, the
      certificate specified on <code>-c</code> or <code>--certificate</code>.
      If the program's certificate is self-signed, then
      <code>--certificate</code> and <code>--peer-ca-cert</code> should specify
      the same file.
    </p>
    <p>
      This option is not useful in normal operation, because the SSL peer
      must already have the CA certificate for the peer to have any
      confidence in the program's identity.  However, this offers a way for
      a new installation to bootstrap the CA certificate on its first SSL
      connection.
    </p>
  </dd>
</dl>