How to manage SSL (TLS) certificates

Server certificate validation

By default, when a remote is added, if the URL schema is https, the Conan client will verify the certificate using a list of authorities declared in the cacert.pem file located in the Conan home (~/.conan).

If you have a self signed certificate (not signed by any authority) you have two options:

  • Use the conan remote command to disable the SSL verification.

  • Append your server crt file to the cacert.pem file.

Client certificates

If your server is requiring client certificates to validate a connection from a Conan client, you need to create two files in the Conan home directory (default ~/.conan):

  • A file client.crt with the client certificate.

  • A file client.key with the private key.


You can create only the client.crt file containing both the certificate and the private key concatenated and not create the client.key

If you are a familiar with the curl tool, this mechanism is similar to specify the --cert / --key parameters.