DEPTH_ZERO_SELF_SIGNED_CERT error
DEPTH_ZERO_SELF_SIGNED_CERT error
Issue
The adapter logs show a DEPTH_ZERO_SELF_SIGNED_CERT error when attempting to connect.
Cause
This error occurs when the adapter makes an HTTPS request to a server that presents a self-signed SSL/TLS certificate, and the adapter is not configured to trust it.
What to do
Choose one of the following approaches depending on your environment.
Enable SSL in the service instance configuration. Confirm that ssl.enabled is set to true. This is required before any of the options below will apply.
Accept invalid certificates (development and testing only). Set accept_invalid_cert to true to bypass certificate validation entirely. The adapter will accept the self-signed certificate without verifying it.
Do not use accept_invalid_cert: true in production environments.
Provide a CA file (recommended for production). Save the CA file — which contains the public key of the certificate authority that issued the server’s certificate — on theItential Platform server. Set ca_file to the file path. The adapter will validate the certificate against this CA.
Install the certificate as a trusted certificate. In some environments, you may install the server’s self-signed certificate in the client’s trusted certificate store. Once installed, the adapter will recognize it as valid. Set the appropriate values under ssl in the service instance configuration. See SSL properties for the full property reference.
Obtain a certificate from a trusted CA. For production environments, the recommended approach is to replace the self-signed certificate with one issued by a recognized certificate authority. Once the server presents a trusted certificate, the error will not occur.
If you are unable to resolve the issue, contact the Itential Adapters Team with the log output.
