Troubleshooting SSL Issues


Sometimes, complex network setups involve changing multiple settings so that tools can connect to the internet. Besides the firewall changes to permit the connections, a very common type of error is SSL/TLS-related.

Usually, these error messages contain SSL, TLS, OpenSSL, certificate verify failed, SSL handshake error, and similar.

This page will provide some quick steps to solve these types of problems. If you want to dive deeper, you can read a more detailed explanation in our FAQ pages for MITM Firewall setups and TLS Problems.


  • Create a config file with the following content:

    • For example, on Windows: C:\programdata\robocorp-openssl\openssl.cnf

      nodejs_conf = openssl_init [openssl_init] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect [system_default_sect] Options = UnsafeLegacyRenegotiation
  • Add an environment variable OPENSSL_CONF that points to the config file.

    • Example: OPENSSL_CONF=C:\programdata\robocorp-openssl\openssl.cnf
  • Ask your IT for the root SSL/TLS certificates used by your firewall or proxy in case they have one.

    • The certificate should be in PEM format and look like this: pem-format-example
  • Create/edit a profile using Setup Utility > Profile Management:

    • Make sure you have SSL no revoke and SSL Legacy Renegotiation Allowed checked
    • Click on Add Certificate and select the PEM-format certificate from the last step


After finishing these steps, please also make sure the robots you want to run have the minimum required versions to overcome these problems, namely:

channels: - conda-forge dependencies: - python=3.10.12 - pip=23.2.1 - robocorp-truststore=0.8.0 - pip: - --use-feature=truststore - rpaframework==27.4.1 # or later - robocorp==1.0.0 # or later

Python 3.10.12 is enables the use of robocorp-truststore, which in turn enables:
--use-feature=truststore -flag that guides pip also to leverage system certificates.

These steps should solve the majority of SSL/TLS-related issues. If they don't, please contact your IT to ensure the network is properly configured for our tooling to work.

Last edit: October 24, 2023