# Inspect the [https://help.riseup.net/en/riseup-ca Riseup Certificate Authority] page and download (right-click) the [https://help.riseup.net/en/security/network-security/riseup-ca/RiseupCA.pem Riseup CA certificate]. <ref>Riseup notes: <blockquote>Every CA (certificate authority) has a file that is distributed publicly. This file, called a “CA certificate”, is used by your local program to confirm the identity of servers you connect with.</blockquote></ref>
# Advanced users can optionally [https://help.riseup.net/en/security/network-security/riseup-ca#verify-the-riseup-ca-certificate-optional verify the Riseup CA certificate] before storing it. <ref>If verification is not performed, then it is impossible to know the correct certificate was downloaded and that connections are secure.</ref>
# Store the certificate in <code>/etc/openvpn/RiseupCA.pem</code>:

{{CodeSelect|code=
curl {{Curl_Secure}} https://help.riseup.net/security/network-security/riseup-ca/RiseupCA.pem {{!}} sudo tee /etc/openvpn/RiseupCA.pem
}}