---
title: CA Certificate File Name
description: When the agent is configured to validate server certificates (Server Certificate Trust is false), set this property to the file name that contains a certificate or chain of certificates.
component: web-agents
version: 2025.11
page_id: web-agents:properties-reference:com.forgerock.agents.config.cert.ca.file
canonical_url: https://docs.pingidentity.com/web-agents/2025.11/properties-reference/com.forgerock.agents.config.cert.ca.file.html
---

# CA Certificate File Name

When the agent is configured to validate server certificates ([Server Certificate Trust](com.sun.identity.agents.config.trust.server.certs.html) is `false`), set this property to the file name that contains a certificate or chain of certificates.

The file should be PEM encoded. For example:

`com.forgerock.agents.config.cert.ca.file = /opt/certificates/am_ca.pem`

`com.sun.identity.agents.config.trust.server.certs = false`

Set this property only when the agent is using OpenSSL libraries. For agent using the Windows built-in Secure Channel API, add the appropriate certificates to the Windows certificate store.

Default: Empty

|                    |                                                                          |
| ------------------ | ------------------------------------------------------------------------ |
| Property name      | `com.forgerock.agents.config.cert.ca.file`   Introduced in Web Agent 4.x |
| Function           | Encryption                                                               |
| Type               | String                                                                   |
| Bootstrap property | Yes                                                                      |
| Required property  | No                                                                       |
| Restart required   | No                                                                       |