builder.put(Constants.FESEN_PASSWORD, password);
        }
        final String authorities = fessConfig.getFesenHttpSslCertificateAuthorities();
        if (StringUtil.isNotBlank(authorities)) {
            builder.put("http.ssl.certificate_authorities", authorities);
        }
        return new HttpClient(builder.build(), null);
    }

        final String authorities = fessConfig.getFesenHttpSslCertificateAuthorities();
        if (StringUtil.isNotBlank(authorities)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Loading certificate_authorities: {}", authorities);
            }
            try (final InputStream in = new FileInputStream(authorities)) {

signs the other party's chain.

Well-Known Certificate Authorities
----------------------------------

In these examples we've prearranged which root certificates to trust. But for regular HTTPS on the
Internet this set of trusted root certificates is usually provided by default by the host platform.
Such a set typically includes many root certificates from well-known certificate authorities like
Entrust and Verisign.

	if len(m.Answers) > 0 {
		s += m.Answers[0].GoString()
		for _, a := range m.Answers[1:] {
			s += ", " + a.GoString()
		}
	}
	s += "}, Authorities: []dnsmessage.Resource{"
	if len(m.Authorities) > 0 {
		s += m.Authorities[0].GoString()
		for _, a := range m.Authorities[1:] {
			s += ", " + a.GoString()
		}
	}
	s += "}, Additionals: []dnsmessage.Resource{"
	if len(m.Additionals) > 0 {

import okio.ByteString.Companion.toByteString

/**
 * Constrains which certificates are trusted. Pinning certificates defends against attacks on
 * certificate authorities. It also prevents connections through man-in-the-middle certificate
 * authorities either known or unknown to the application's user.
 * This class currently pins a certificate's Subject Public Key Info as described on

	metav1.TypeMeta

	// Certificates holds a list of certificates to show expiration information for.
	Certificates []Certificate `json:"certificates"`

	// CertificateAuthorities holds a list of certificate authorities to show expiration information for.
	CertificateAuthorities []Certificate `json:"certificateAuthorities"`

	metav1.TypeMeta

	// Certificates holds a list of certificates to show expiration information for.
	Certificates []Certificate

	// CertificateAuthorities holds a list of certificate authorities to show expiration information for.
	CertificateAuthorities []Certificate

				normal args related to this stage:
					--client-ca-file string   If set, any request presenting a client certificate signed by
						one of the authorities in the client-ca-file is authenticated with an identity
						corresponding to the CommonName of the client certificate.

					(retrievable from "kube-apiserver --help" command)
					(suggested by @deads2k)

		cas = append(cas, h)
	}

	sort.Slice(cas, func(i, j int) bool { return cas[i].Name < cas[j].Name })

	return cas
}

// RenewUsingLocalCA executes certificate renewal using local certificate authorities for generating new certs.
// For PKI certificates, use the name defined in the certsphase package, while for certificates
// embedded in the kubeConfig files, use the kubeConfig file name defined in the kubeadm constants package.

 * chain. The chain terminates in a self-signed "root" certificate. Signing certificates in the
 * middle of the chain are called "intermediates". Organizations that offer certificate signing are
 * called certificate authorities (CAs).
 *
 * Browsers and other HTTP clients need a set of trusted root certificates to authenticate their
 * peers. Sets of root certificates are managed by either the HTTP client (like Firefox), or the