EPE - Certificates for Native Connectors explained
Certificates for Native Connectors
When a Native Connector communicates with a source/target system (such as Active Directory, LDAP, or an API), it uses a secure connection (HTTPS or LDAPS). For this connection to work, the connector must trust the target system, and this trust is based on certificates.
For security reasons, Native Connectors do not trust any certificates by default. This means source/target system certificates must always be installed manually on Native Connectors.
What certificate do you need?
You need to install on the Native Connector the certificate of the source/target system, or more precisely, the certificate that proves it is trustworthy. For example, if you are connecting to Active Directory, you need the Active Directory root certificate, and if you are connecting to an API endpoint, you need that API's root certificate.
In practice, this means one of the following:
- Option 1 (recommended): Root CA certificate. The main authority that issued the certificate (highest in the certificate chain).
- Option 2: Intermediate CA certificate(s). These may exist between the root and the server.
- Option 3 (fallback only, not recommended for production usage as these expire very frequently): Server certificate. The actual certificate of the target system.
A simple mental model for the certificates Native Connectors need
The source/target system presents a certificate when the connector connects.
The connector checks who issued that certificate.
If the connector trusts that issuer, the connection is allowed.
Because Native Connectors do not trust any certificates by default, you must explicitly install the issuer's certificate so that the Native Connector trusts it.
How do you know what to install?
If your source/target system's REST API is a public SaaS solution, you can download its root certificate from the provider's website.
Or ask your IT team or system owner:
“Please provide the root certificate for this system in Base64-encoded PEM format.”
Or:
“What CA (Certificate Authority) signed this system’s certificate? Please download it in Base64-encoded PEM format.”
Common mistakes
- Using expired certificates
- Using certificates from the wrong environment (test vs production)
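A pre-flight check for the file you receive, covering the points above: PEM format, root versus server certificate, and expiry. This is an added example, not Matrix42 code; it assumes the OpenSSL command-line tool is installed, and the function names, verdict strings and 30-day threshold are hypothetical.

```sh
#!/bin/sh
# Pre-flight check for a certificate file before requesting installation.
# Function names, verdict strings and the 30-day default are assumptions.

# classify_cert FILE: prints root, intermediate or server.
# "root" here means a CA certificate whose subject equals its issuer
# (a name comparison; the self-signature itself is not verified).
classify_cert() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        if [ "$subject" = "$issuer" ]; then echo root; else echo intermediate; fi
    else
        echo server
    fi
}

# check_cert FILE [MIN_DAYS]: prints one verdict line, returns 0 unless rejected.
check_cert() {
    file=$1
    min_days=${2:-30}
    # The file must be Base64-encoded PEM, not binary DER.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$file" 2>/dev/null; then
        echo "REJECT not-pem"; return 1
    fi
    if ! openssl x509 -in "$file" -noout >/dev/null 2>&1; then
        echo "REJECT unparsable"; return 1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$file" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "REJECT expires-within-${min_days}d"; return 1
    fi
    case $(classify_cert "$file") in
        root)         echo "OK root" ;;
        intermediate) echo "OK intermediate" ;;
        server)       echo "WARN server-certificate" ;;
    esac
}

# When called with a file argument, also show subject and end date so that
# test and production certificates can be told apart by eye.
if [ -n "${1:-}" ]; then
    check_cert "$1" "${2:-30}"
    openssl x509 -in "$1" -noout -subject -enddate
fi
```

The script cannot detect a certificate from the wrong environment; compare the printed subject against the system you intend to connect to.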
What happens when it works?
- The connector connects successfully
- No SSL or TLS errors
- Data flows normally
What happens when it is wrong?
You may see errors such as:
- “SSL handshake failed”
- “PKIX path building failed”
- “Unable to find valid certification path”
These typically mean the Native Connector does not trust the certificate.
How to install certificates
Only Matrix42 can install certificates on Native Connectors; contact Matrix42 to have certificates installed.