Troubleshooting SSL Certificate Issues in DX

Troubleshooting SSL Certificate Issues in DX

Overview

This article explains how to troubleshoot SSL certificate issues in Data Exchange (DX) and how to use the "Verify SSL Certificate" setting to bypass SSL validation when needed.

1. Common SSL Certificate Issues in DX

✔ Missing CA Certificate:

• DX may fail to connect to a remote system if the Certificate Authority (CA) certificate is missing or untrusted.

• This often happens when self-signed certificates are used, or the certificate chain is incomplete.

✔ TLS Handshake Errors:

• Some environments may block DX from connecting due to strict SSL/TLS security settings.

• Running DX without verifying SSL may help isolate the issue.

✔ DX Connection Fails with HTTPS:

• If DX refuses to connect over HTTPS but works over HTTP, it may indicate an SSL certificate validation problem.

2. Using "Verify SSL Certificate" in DX

✔ Location:

• Found under File → Settings → Verify SSL Certificate

✔ Options:

• Enabled (Checked) → DX will enforce SSL certificate validation for secure connections.

• Disabled (Unchecked) → DX will bypass SSL verification, allowing connections to untrusted/self-signed certificates.

✔ When to Disable SSL Verification:

• If running DX in an internal or test environment where certificates are not fully configured.

• If troubleshooting connection failures due to SSL certificate errors.

✔ When to Keep SSL Verification Enabled:

• Always in production environments to maintain security and prevent man-in-the-middle (MITM) attacks.

3. Best Practices for Resolving SSL Certificate Issues

✅ Verify that DX has access to the correct CA certificate.

• If using a self-signed or custom certificate, ensure it is installed in the system's trust store.

✅ Check DX logs for SSL/TLS error messages.

• Look for errors such as "certificate not trusted" or "unable to verify SSL certificate".

✅ Temporarily disable SSL verification in DX (for debugging purposes).

• Navigate to File → Settings → Uncheck "Verify SSL Certificate" and test the connection.

✅ If disabling SSL verification fixes the issue, install the proper CA certificate.

• Ensure DX is configured to use a valid, trusted SSL certificate in production.

✅ Ensure HTTPS is properly configured on the server DX connects to.

• The SSL certificate must match the server hostname and be issued by a trusted CA.

4. Conclusion

• Missing or untrusted CA certificates often cause SSL certificate errors in DX.

• Temporarily disabling "Verify SSL Certificate" can help diagnose the issue, but should not be used in production.

• Properly configuring SSL certificates ensures secure communication between DX and external systems.