...
certificate(local pathname)- Optional path to a file with one or more CA certificate to trust.
checkRevocation("off", "entityOnly", "fullChain") (defaults to "off") (Version 2.4 and Above)- Controls the behavior of CRL checking by the trust engine. If omitted or set to "off", no CRLs are used at all. The other options require that at least one CRL be available and will fail the check otherwise. The "fullChain" option requires that a CRL be available for all untrusted certificates in the validation path, otherwise only a CRL for the end entity certificate is required.
Child Elements
<CredentialResolver>(optional)- A credential resolver plugin to use to load the CA certificate(s) to trust.