Optional CA certificates(s): if you have a self-signed CA, you may want to add the CA certificate here, to be able to verify that the server we are connecting to is the real one. If you add it and a man-in-the-middle attack takes place, the link will not be made.