The ca-file slot of a secure-config can contain the path of a file with a list of trusted certificates in PEM format. The ca-path slot can contain the path of a directory of trusted certifications.

One of these slots are required to be specified so that secure client sockets can verify server certificates.

See http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html for details.