Configures a custom CA (Certificates Authority) certificates file.
Most applications should use the system's root certificates and should avoid setting this option unnecessarily. A common exception to this recommendation are containerized applications. These often deploy without system's root certificates and need to explicitly configure a root of trust.
The value of this option should be the name of a file in PEM format. Consult your security team and/or system administrator for the contents of this file. Be aware of the security implications of adding new CA certificates to this file. Only use trustworthy sources for the CA certificates.
For REST-based libraries this configures the CAINFO option in libcurl. These are used for all credentials that require authentication, including the default credentials.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-05 UTC."],[[["This document outlines the various versions of the `CARootsFilePathOption`, ranging from the latest release candidate (2.37.0-rc) down to version 2.10.1, all related to setting a custom file path for Certificate Authority (CA) certificates."],["The `CARootsFilePathOption` allows users to specify a file containing trusted CA certificates in PEM format, which is particularly useful for containerized applications that may not have the system's root certificates."],["Setting custom CA certificates carries security implications, users must only use trustworthy sources for the CA certificates, as they can be revoked or expired, requiring periodic updates."],["While this option works for both REST-based (libcurl's CAINFO) and gRPC-based (pem_roots_cert) libraries, it does not affect the default credentials with `MakeGoogleDefaultCredentials()` or `MakeServiceAccountCredentials()`, so the environment variable `GRPC_DEFAULT_SSL_ROOTS_FILE_PATH` must be used in these cases."]]],[]]
