# Inspect the [https://help.riseup.net/en/riseup-ca Riseup Certificate Authority] page and download (right-click) the [https://help.riseup.net/en/security/network-security/riseup-ca/RiseupCA.pem Riseup CA certificate]. Riseup notes:
Every CA (certificate authority) has a file that is distributed publicly. This file, called a “CA certificate”, is used by your local program to confirm the identity of servers you connect with.
# Advanced users can optionally [https://help.riseup.net/en/security/network-security/riseup-ca#verify-the-riseup-ca-certificate-optional verify the Riseup CA certificate] before storing it. If verification is not performed, then it is impossible to know the correct certificate was downloaded and that connections are secure. # Store the certificate in /etc/openvpn/RiseupCA.pem: {{CodeSelect|code= curl {{Curl_Secure}} https://help.riseup.net/security/network-security/riseup-ca/RiseupCA.pem {{!}} sudo tee /etc/openvpn/RiseupCA.pem }}