In this scenario, the client needs a CA-signed copy of the queen’s certificate. The location of this certificate can be specified with SSLTrustedCAFilename, or as a chain of trusted certificates using the SSLTrustedCADir parameter. For more specific information on using a certificate chain, see Queen-Side SSL Parameters.