Overview
When a Connect plug‑in sends data to an HTTPS endpoint, the platform normally verifies that the server’s SSL/TLS certificate is trusted (signed by a recognised Certificate Authority, valid for the current date, and issued for the correct hostname). Development and on‑premise systems often use self‑signed, expired, or otherwise untrusted certificates. In those cases, requests fail with an SSL/TLS error and the order cannot be posted.
The Ignore SSL Certificate Validation setting lets you bypass all certificate checks for a single API connection, so that calls succeed even when the endpoint’s certificate is not trusted.
Note: This setting is only available for Connect: Flow, Connect: Switch and Connect: Hybrid
Key Setting
| Field |
Location |
Default |
Scope |
| Ignore SSL Certificate Validation (checkbox) |
Connect Plugins → Connect Flow, Connect Hybrid, or Connect Switch → Configure.
For Connect Flow the option is also available in each supplier‑level profile. |
Cleared (validation enforced) |
Only impacts the profile you edit |
Tooltip shown in the UI
“If enabled, SSL/TLS certificate validation will be bypassed, allowing connections even if the certificate is expired, self‑signed, or untrusted.”
Typical Use‑Cases
| Scenario |
Why you might enable the setting |
| Local development or CI |
Test APIs often use self‑signed certificates generated on demand. |
| Internal MIS with a private CA |
The MIS is secured by an internal root certificate that the storefront VM does not trust. |
| Temporary work‑around for an expired certificate |
You need to keep order flows running while the endpoint’s certificate is renewed. |
Step‑by‑Step Implementation Guide
-
Open the configuration panel
-
Sign in as an administrator.
-
Go to Connect Plugins and select Connect Flow, Connect Hybrid, or Connect Switch.
-
Click Configure next to the relevant Connect plugin (or the supplier profile for Connect Flow).
-
Enable certificate override
-
Test the connection
| Setting state |
Result visible in order extra‑data or job print‑order history |
| Disabled (default) |
“The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.” |
| Enabled |
Alternate, successful response from the API. |
-
Monitor & review
-
Use storefront logs or the job print‑order history to confirm that calls reach the endpoint.
-
Once the target system presents a valid CA‑signed certificate, return to the settings page and clear the checkbox to restore full verification.
Technical Notes (for advanced users)
-
The plug‑in creates an HttpClientHandler with a ServerCertificateCustomValidationCallback that always returns true, then passes it to a new HttpClient.
-
Certificate validation is skipped only for the requests made through that client instance; other HTTPS traffic in the platform still performs full validation.
-
The setting is stored per connection, so you can enable it on one API profile while leaving others secured.
Best Practice
| Do |
Avoid |
| Enable the override only in trusted or isolated networks. |
Leaving the checkbox enabled on publicly‑accessible endpoints. |
| Document why the override is active and schedule a review date. |
Relying on the override as a permanent solution instead of fixing the certificate. |
| Disable the override as soon as a valid certificate is available. |
Assuming that the override protects against man‑in‑the‑middle attacks—it does not. |
By following these steps, you can connect Connect Flow, Connect Hybrid, and Connect Switch to endpoints secured with self‑signed or untrusted certificates while keeping the rest of your storefront’s HTTPS communications fully validated.