Skip to main content





Add self signed certificate to trusted root store on OutSystems

  • Edit
    Collaborate with us
    Edit this page on GitHub
  • We've been working on this article, give us your feedback by voting.

    When consuming a web service integrating with other systems over HTTPS, the server hosting such service may be using a self signed certificate (for example, for non productive web services).

    Self signed certificates or any type of certificate that isn't universally recognized (such as certificates issued by a public certificate authority are) must be added to the trusted root store of the servers that host the Platform Server. This will allow to successfully establish the trust relationship.

    When this step isn't done, errors like Could not establish trust relationship for the SSL/TLS may occur.

    OutSystems servers must have a valid SSL certificate issued by a public Certificate Authority, as described in OutSystems system requirements.

    For OutSystems Cloud environments check this article instead.

    Certificate installation

    1. Open the Microsoft Management Console (Start > MMC);
    2. Provide the self-signed certificate:
      1. Choose File > Add/Remove Snap-in;
      2. in the standalone tab, choose Add;
      3. choose the Certificates snap-in > Add;
      4. in the wizard, choose the Computer Account > Local Computer;
      5. press Finish to end the wizard;
      6. close the Add/Remove Snap-in dialog;
      7. Navigate to Certificates (Local Computer);
        1. choose the Trusted Root Certification Authorities store to import the certificate;
        2. right click the store and choose All Tasks > Import ;
        3. Follow the wizard and provide the certificate file you have.

    Export the certificate

    Export the public certificate to the following path: D:\Certificates:

    1. Still on the Microsoft Management Console;
    2. choose Certificates (Local Computer) > select the folder where the certificate was installed > Certificates;
    3. right-click on the certificate > All Tasks > Export;
    4. choose to export the certificate without the private key;
    5. choose the format to be DER encoded binary X.509 (CER);
    6. save the file into D:\Certificates.

    For environments with more than one front-end, these instructions must be followed on all front-end servers.

    • Was this article helpful?