How to Configure SSL Certificate Validation for Rapise AI Server (Self-Signed & ZScaler)

The rapise-ai-server is built on Node.js. By default, Node.js uses its own internal list of trusted Certificate Authorities (CAs) and does not automatically read from the Windows Certificate Store. Because of this, if your network uses a corporate proxy like ZScaler, or if you are connecting to a staging environment with a self-signed certificate, the AI server will block the connection.

To resolve this, you can configure the environment variables for the server using a .env file.

Where to place the .env file

You can define your environment variables in one of two locations, depending on whether you want the fix to be global or specific to a framework:

• Global Configuration: Create a .env file at C:\ProgramData\Inflectra\Rapise\.env. This will apply to all frameworks opened on this machine.

• Framework-Specific Configuration: Create a .env file directly inside the root folder of your currently opened Rapise framework.

Open the .env file in a text editor (like Notepad) and add one of the following options.

Option 1: Trust a Specific Certificate (Recommended)

If you have a specific custom certificate (e.g., a corporate ZScaler root certificate or a staging server certificate), you can explicitly tell Node.js to trust it.

Add the following line to your .env file, pointing to the absolute path of your certificate:

NODE_EXTRA_CA_CERTS=C:\ProgramData\Inflectra\Rapise\EC2AMAZ-G9999NP.crt

⚠️ Important Notes for Option 1:

• Format: The certificate file must be in PEM / Base-64 encoded text format. (If you open the .crt file in Notepad, it should start with -----BEGIN CERTIFICATE-----).

• Single File Only: Node.js does not support a comma-separated list of files. If you need to trust multiple custom certificates, you must copy and paste the plain text of all certificates into one single .pem or .crt file, and point the variable to that combined file.

Option 2: Ignore All Certificate Errors (Quick / Dev Only)

If you are strictly working in a secure local or staging environment and simply want to bypass all SSL validation checks, you can disable them entirely.

Add the following line to your .env file:

NODE_TLS_REJECT_UNAUTHORIZED=0

Note: When this option is active, Node.js will successfully connect, but you may see a console warning stating that TLS connections are insecure. This is normal and expected behavior.

Applying the Changes

After creating or modifying the .env file, you must restart Rapise (and the rapise-ai-server component) for the new environment variables to take effect.