Troubleshooting SSL Issues

Symptoms

Complex network setups often require changing several settings before tools can connect to the internet. Besides the firewall changes needed to permit the connections, a very common source of errors is SSL/TLS.

These error messages usually contain strings such as SSL, TLS, OpenSSL, certificate verify failed, SSL handshake error, and similar.

This page will provide some quick steps to solve these types of problems. If you want to dive deeper, you can read a more detailed explanation in our FAQ pages for MITM Firewall setups and TLS Problems.

Solution

  • Create a config file with the following content:

    • For example, on Windows: C:\programdata\robocorp-openssl\openssl.cnf

      nodejs_conf = openssl_init

      [openssl_init]
      ssl_conf = ssl_sect

      [ssl_sect]
      system_default = system_default_sect

      [system_default_sect]
      Options = UnsafeLegacyRenegotiation
  • Add an environment variable OPENSSL_CONF that points to the config file.

    • Example: OPENSSL_CONF=C:\programdata\robocorp-openssl\openssl.cnf
  • Ask your IT department for the root SSL/TLS certificates used by your firewall or proxy, if they have one.

    • The certificate should be in PEM format (a text file that starts with -----BEGIN CERTIFICATE-----).
  • Create/edit a profile using Setup Utility > Profile Management:

    • Make sure you have SSL no revoke and SSL Legacy Renegotiation Allowed checked
    • Click on Add Certificate and select the PEM-format certificate from the last step
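
Each line of the config file above only names the section that holds the next one, so a typo in any link, or a file pasted as a single line, leaves the Options line unread. The following preflight check is an added example, not part of Robocorp's tooling; the function names check_openssl_cnf and preflight are chosen here, and it walks the chain in whatever file OPENSSL_CONF points to and reports the first broken link:

```python
import configparser
import os


def check_openssl_cnf(text):
    """Follow nodejs_conf -> ssl_conf -> system_default -> Options; list problems."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",),
                                   allow_no_value=True, inline_comment_prefixes=("#",))
    cp.optionxform = str  # keep key names exactly as written
    # Keys before the first [header] form the default section. Lines are stripped
    # so pasted indentation is not parsed as a continuation of the previous value.
    cp.read_string("[default]\n" + "\n".join(s.strip() for s in text.splitlines()))
    section = "default"
    for key in ("nodejs_conf", "ssl_conf", "system_default"):
        target = (cp.get(section, key, fallback=None) or "").strip()
        if not target:
            return [f"[{section}] has no '{key}' entry"]
        if not cp.has_section(target):
            return [f"'{key}' points to missing section [{target}]"]
        section = target
    options = cp.get(section, "Options", fallback=None) or ""
    if "UnsafeLegacyRenegotiation" not in [o.strip().lstrip("+") for o in options.split(",")]:
        return [f"[{section}] Options does not enable UnsafeLegacyRenegotiation"]
    return []


def preflight(environ=os.environ):
    """Check that OPENSSL_CONF is set, names a real file, and the file is wired up."""
    conf = environ.get("OPENSSL_CONF") or ""
    if not os.path.isfile(conf):
        return [f"OPENSSL_CONF is unset or not a file: {conf!r}"]
    with open(conf, encoding="utf-8") as fh:
        return check_openssl_cnf(fh.read())


if __name__ == "__main__":
    for problem in preflight() or ["OpenSSL config chain looks complete"]:
        print(problem)
```

The option this chain turns on permits connections to peers that do not support RFC 5746 secure renegotiation, which OpenSSL 3 refuses by default, so it is worth removing once the firewall or proxy no longer needs it.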


After finishing these steps, please also make sure the robots you want to run have the minimum required versions to overcome these problems, namely:

    channels:
      - conda-forge
    dependencies:
      - python=3.10.12
      - pip=23.2.1
      - robocorp-truststore=0.8.0
      - pip:
          - --use-feature=truststore
          - rpaframework==27.4.1 # or later
          - robocorp==1.0.0 # or later

Python 3.10.12 enables the use of robocorp-truststore, which in turn enables the --use-feature=truststore flag that tells pip to also use the system certificates.

These steps should solve the majority of SSL/TLS-related issues. If they don't, please contact your IT to ensure the network is properly configured for our tooling to work.

Last edit: October 24, 2023