The cacert.pem file

The cacert.pem file is used to validate the Verify tenant server TLS certificate. It has a list of certificate authorities that are acceptable signers of the server certificate.

A cacert.pem.sample file is copied to cacert.pem if the cacert.pem does not exist.

This file contains a list of all the trusted certificate authorities so that the server certificates that are signed by these CAs are accepted. The Verify tenant TLS server certificate signing authorities are the only entries that are required to be in the cacert.pem file. If you want to, you can remove any unneeded CAs from the file.