lib/ssl-peer-ca-cert.xml

   1 <?xml version="1.0" encoding="utf-8"?>
   2 <dl>
   3   <dt><code>--peer-ca-cert=</code><var>peer-cacert.pem</var></dt>
   4   <dd>
   5     <p>
   6       Specifies a PEM file that contains one or more additional certificates
   7       to send to SSL peers.  <var>peer-cacert.pem</var> should be the CA
   8       certificate used to sign the program's own certificate, that is, the
   9       certificate specified on <code>-c</code> or <code>--certificate</code>.
  10       If the program's certificate is self-signed, then
  11       <code>--certificate</code> and <code>--peer-ca-cert</code> should specify
  12       the same file.
  13     </p>
  14     <p>
  15       This option is not useful in normal operation, because the SSL peer
  16       must already have the CA certificate for the peer to have any
  17       confidence in the program's identity.  However, this offers a way for
  18       a new installation to bootstrap the CA certificate on its first SSL
  19       connection.
  20     </p>
  21   </dd>
  22 </dl>