Add config option to use own cacert.pem file (#14113)

* fixes #13742

* add explaining text

* minor tweak as in past we had sometimes trouble accessing Config::getInstance()->General['custom_cacert_pem'] directly on some systems

shouldn't be an issue anymore, but better be safe.

1 files changed, 7 insertions, 0 deletions

diff --git a/config/global.ini.php b/config/global.ini.php
index c39876629e..f32b4104b7 100755
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -694,6 +694,13 @@ piwik_professional_support_ads_enabled = 1
 ; The number of days to wait before sending the JavaScript tracking code email reminder.
 num_days_before_tracking_code_reminder = 5
 
+; The path to a custom cacert.pem file Matomo should use.
+; By default Matomo uses a file extracted from the Firefox browser and provided here: https://curl.haxx.se/docs/caextract.html.
+; The file contains root CAs and is used to determine if the chain of a SSL certificate is valid and it is safe to connect.
+; Most users will not have to use a custom file here, but if you run your Matomo instance behind a proxy server/firewall that
+; breaks and reencrypts SSL connections you can set your custom file here. 
+custom_cacert_pem=
+
 [Tracker]
 
 ; Matomo uses "Privacy by default" model. When one of your users visit multiple of your websites tracked in this Matomo,