Optional CA certificates(s): if you have a self-signed CA, you may want to
add the CA certificate here, to be able to verify that the server we are
connecting to is the real one. If you add it and a man-in-the-middle attack
takes place, the link will not be made.