Skip to content

Kirby 4.3.0


Overrides the defaults for requests to remote servers

This option defines global default values for all requests that are made with the Kirby\Http\Remote class.


return [
    'remote' => [
        'agent'   => 'My Awesome Site',
        'timeout' => 20

Configuring the list of allowed certificate authorities (CAs) for HTTPS requests

The security of remote requests to HTTPS URLs relies on the validity of the certificate chain. A well-known certificate authority must have signed the server certificate so that you and Kirby can be sure that the HTTPS connection is secure and was not tampered with. The allowed certificate authorities are listed in a so-called CA bundle.

Kirby ships with a CA bundle based on the Mozilla CA list. We keep that CA bundle up-to-date with new Kirby releases.

If you want to use a different CA bundle or disable verification completely (not recommended!), you can set the option:


return [
    'remote' => [
        'ca' => ...

Options are:

  • An absolute path to a CA file in .pem format
  • An absolute path to a CA directory with certificate files that cURL can understand
  • The special value Remote::CA_INTERNAL for Kirby's internal CA (default)
  • The special value Remote::CA_SYSTEM to use the CA bundle that is configured in php.ini or that was defined when PHP was compiled
  • false to disable TLS verification completely (not recommended!)

We recommend to use the CA bundle of your server operating system. This file is generally updated from system packages and therefore the most up-to-date list you can have.

If a CA bundle is configured in php.ini in the curl.cainfo option, Kirby will use this bundle by default by switching to the default value Remote::CA_SYSTEM. You can still override this default with the option as explained above.