---
title: tls.client.certificate.is_unknown_ca
summary: null
url: >-
  https://www.fastly.com/documentation/reference/vcl/variables/client-connection/tls-client-certificate-is-unknown-ca
---

**Type:** BOOL  
**Access:** read-only

**Available in:** recv, hash, deliver, log

True if this connection is set to mutual TLS optional mode and the valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or could not be matched with a known trust anchor.