For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Open sourceSupportFAQsDocs Home
DocumentationAPI referenceRelease notes
DocumentationAPI referenceRelease notes
  • Release notes
    • Overview
    • Changelog
      • Overview
      • Adapter Email replaced
      • AngularJS libraries removed
      • Ansible Playbook task response fixed
      • Automation Catalog deprecated and removed
      • Customizable UI not allowed in Platform 6
      • Decision task replaced by Evaluation task
      • Default adapter protocol
      • Delete Variables API removed
      • Dot notation not allowed in job variable names
      • ENC encryption deprecated
      • Form Builder removed
      • Get Server Health API changed
      • Itential Tools updated
      • OperationId tasks removed in Platform 6
      • Operational Data tab removed in Config Manager
      • Pre-Builts deprecation
      • Profiles deprecation
      • pushToArray requires preexisting arrays
      • Reduced integration responses
      • Remove default self-signed TLS certificates from container image
      • Retrieve references endpoint replaced
      • Server name property replaced
      • Service Catalog and Service Catalog Builder removed
      • Verify Config task removed
LogoLogo
Open sourceSupportFAQsDocs Home
On this page
  • Before you begin
  • What changed
  • Provide TLS certificates
  • Certificate requirements
  • Configure certificate paths
  • Choose the right certificate type
  • Generate self-signed certificates for testing
  • Troubleshoot certificate issues
  • Itential Platform fails to start
Release notesBreaking changes

Remove default self-signed TLS certificates from container image

Was this page helpful?
Previous

Server name property replaced

Next
Built with

Platform 6 requires you to provide your own TLS certificates. Platform 6 container image no longer includes default self-signed TLS certificates.

Before you begin

This breaking change affects you if you:

  • Upgrade to Platform 6 from a previous version
  • Use HTTPS/TLS connectivity with Itential Automation Platform
  • Previously used the default self-signed certificates included in the container

What changed

Previous versions of the Platform 6 container image included default self-signed TLS certificates. Platform 6 removes these certificates. You must provide your own certificates and keys for TLS/HTTPS connectivity.

This change follows security best practices. You maintain full control over your certificate lifecycle, including generation, signing, and management.

Provide TLS certificates

Certificate requirements

Provide TLS certificates that meet the following requirements:

  • X.509 format
  • Certificate file (.crt or .pem)
  • Private key file (.key)

You can configure the file location and naming through environment variables or property files.

Configure certificate paths

Set the certificate and key file paths using one of the following methods:

Option 1: Environment variables

$ITENTIAL_WEBSERVER_HTTPS_CERT=/path/to/your/certificate.crt
$ITENTIAL_WEBSERVER_HTTPS_KEY=/path/to/your/private-key.key

Option 2: Property file variables

1webserver_https_cert=/path/to/your/certificate.crt
2webserver_https_key=/path/to/your/private-key.key

Choose the right certificate type

Use the following certificate types based on your environment:

  • Testing and development — Self-signed certificates
  • Production — Certificates signed by a trusted Certificate Authority (CA)

Generate self-signed certificates for testing

To generate self-signed certificates for testing, use OpenSSL:

$openssl req -x509 -newkey rsa:4096 -nodes \
>  -keyout itential-platform.key \
>  -out itential-platform.crt \
>  -days 365 \
>  -subj "/CN=your-hostname"

Only use self-signed certificates in non-production environments.

Troubleshoot certificate issues

Itential Platform fails to start

Itential Platform fails to start with an error message when certificates are missing or paths are incorrect:

2026-02-05T12:24:35.462Z - error: origin=/opt/itential/platform/server/startup.js:1, 
message=[ 'Fatal error during startup' ], 
error=[ Error: TLS file not found: /etc/ssl/itential/itential-platform.key

To resolve this issue:

  1. Verify that certificate and key files exist at the specified paths.
  2. Verify that the container has read permissions for the certificate files.
  3. Verify that the paths in your environment variables or property files are correct.
  4. Verify that the certificate and key files use properly formatted X.509 certificates.