Use a Custom CA
Trust a private certificate authority for one request.
Private services often use certificates signed by an internal certificate
authority. Restish uses the normal system trust store by default; add
--rsh-ca-cert when one request should also trust your organization’s CA file.
restish --rsh-ca-cert ./corp-ca.pem https://service.internal.test/items
Prerequisite: corp-ca.pem is the PEM-encoded CA certificate that signed the
server certificate. Replace service.internal.test with the internal host you
need to reach.
Inspect the chain first:
restish cert --rsh-ca-cert ./corp-ca.pem https://service.internal.test
The cert command helps confirm that the server presents the certificate chain
you expect before you debug application-level behavior. For repeated internal
requests, store TLS settings in a profile as described in TLS.
Related: TLS, Utility Commands, Global Flags.