Configures a custom CA (Certificates Authority) certificates file.
Most applications should use the system's root certificates and should avoid setting this option unnecessarily. A common exception to this recommendation are containerized applications. These often deploy without system's root certificates and need to explicitly configure a root of trust.
The value of this option should be the name of a file in PEM format. Consult your security team and/or system administrator for the contents of this file. Be aware of the security implications of adding new CA certificates to this file. Only use trustworthy sources for the CA certificates.
For REST-based libraries this configures the CAINFO option in libcurl. These are used for all credentials that require authentication, including the default credentials.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-14 UTC."],[[["This document outlines the various versions of the `CARootsFilePathOption`, with version 2.37.0-rc being the latest release candidate and version 2.12.0 being the lowest listed, with many versions in between."],["The `CARootsFilePathOption` allows users to configure a custom Certificate Authority (CA) certificates file, primarily for applications that don't utilize the system's root certificates, such as containerized applications."],["The file provided to `CARootsFilePathOption` should be in PEM format, and it is highly recommended to consult with security teams or system administrators regarding the file's contents due to security implications."],["This option impacts both REST-based libraries using libcurl's CAINFO option and gRPC-based libraries through the `pem_roots_cert` parameter, and it allows authentication and default credentials."],["Setting the `CARootsFilePathOption` does not affect `MakeGoogleDefaultCredentials()` or `MakeServiceAccountCredentials()` in gRPC, and users should consider using the `GRPC_DEFAULT_SSL_ROOTS_FILE_PATH` environment variable in those instances, especially given the need for updates to revoked or expired CA certificates."]]],[]]
