Configures a custom CA (Certificates Authority) certificates file.
Most applications should use the system's root certificates and should avoid setting this option unnecessarily. A common exception to this recommendation are containerized applications. These often deploy without system's root certificates and need to explicitly configure a root of trust.
The value of this option should be the name of a file in PEM format. Consult your security team and/or system administrator for the contents of this file. Be aware of the security implications of adding new CA certificates to this file. Only use trustworthy sources for the CA certificates.
For REST-based libraries this configures the CAINFO option in libcurl. These are used for all credentials that require authentication, including the default credentials.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-14 UTC."],[[["\u003cp\u003eThe webpage documents different versions of \u003ccode\u003eCARootsFilePathOption\u003c/code\u003e, ranging from version 2.10.1 to the latest release candidate 2.37.0-rc, with each version having a unique page for its documentation.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eCARootsFilePathOption\u003c/code\u003e is used to configure a custom CA certificates file, which is primarily needed in containerized applications that lack system root certificates.\u003c/p\u003e\n"],["\u003cp\u003eThe configured CA file must be in PEM format and users should consult with security teams or system administrators for its contents, while being cautious about the security implications of adding new CA certificates.\u003c/p\u003e\n"],["\u003cp\u003eFor REST-based libraries, this option corresponds to the \u003ccode\u003eCAINFO\u003c/code\u003e option in libcurl, while for gRPC-based libraries, it configures the \u003ccode\u003epem_roots_cert\u003c/code\u003e parameter in \u003ccode\u003egrpc::SslCredentialsOptions\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003egRPC does not have a way to programmatically set CA certs for the default credentials, in which case the \u003ccode\u003eGRPC_DEFAULT_SSL_ROOTS_FILE_PATH\u003c/code\u003e environment variable should be used.\u003c/p\u003e\n"]]],[],null,[]]
