MID Server certificate check security policies for self-hosted customersProblem When upgrading the MID Server to Quebec, self-hosted instances may have issues with certificate authentication within their network. The MID Server can fail to connect and the agent log lists an error such as the following: 10/04/20 10:58:44 (222) Worker-Expedited:MIDWorker-9619b95fdbaf5410bc2e9b3c8a961968 WARNING *** WARNING *** Request not sent to uri= https://jenkins-alpha.lab3.service-now.com/job/triggers/job/nightly-build-completed/build?json=%7B%22parameter%22%3A%5B%7B%22name%22%3A%22branch_name%22%2C%22value%22%3A%22track%2Fdtac%22%7D%2C%7B%22name%22%3A%22branch%22%2C%22value%22%3A%22track%2Fdtac%22%7D%2C%7B%22name%22%3A%22is_nightly%22%2C%22value%22%3Atrue%7D%2C%7B%22name%22%3A%22run_tests%22%2C%22value%22%3Atrue%7D%2C%7B%22name%22%3A%22nightly_build%22%2C%22value%22%3Atrue%7D%2C%7B%22name%22%3A%22release_branch%22%2C%22value%22%3A%22release%2F19.dtac.0.9%22%7D%2C%7B%22name%22%3A%22glide_version%22%2C%22value%22%3A%2219.dtac.0.9%22%7D%2C%7B%22name%22%3A%22sys_id%22%2C%22value%22%3A%22c959cdd31be7101045782f07b04bcb39%22%7D%2C%7B%22name%22%3A%22build_properties%22%2C%22value%22%3A%22none%22%7D%2C%7B%22name%22%3A%22priority%22%2C%22value%22%3A%225%22%7D%2C%7B%22name%22%3A%22has_commits%22%2C%22value%22%3Atrue%7D%2C%7B%22name%22%3A%22force_run%22%2C%22value%22%3Afalse%7D%2C%7B%22name%22%3A%22dmt_tests%22%2C%22value%22%3A%22dmt-dynamictranslation-test%22%7D%2C%7B%22name%22%3A%22request_id%22%2C%22value%22%3A%22none%22%7D%2C%7B%22name%22%3A%22prefix%22%2C%22value%22%3A%22none%22%7D%5D%7D&cause=NightlyComplete_alpha&delay=5400&token=e90d7205a34d9304e38263657c9710c2: org.apache.commons.httpclient.HttpException: Session contains no certificates - Untrusted10/04/20 10:58:44 (224) Worker-Expedited:MIDWorker-9619b95fdbaf5410bc2e9b3c8a961968 Enqueuing: /glide/mid-pod/work/monitors/ECCSender/output_1/ecc_queue.9619b95fdbaf5410bc2e9b3c8a961968.xml10/04/20 10:58:44 (224) Worker-Expedited:MIDWorker-9619b95fdbaf5410bc2e9b3c8a961968 Worker completed: RESTProbe source: https://jenkins-alpha.lab3.service-now.com/job/triggers/job/nightly-build-completed/build time: 0:00:00.024 The error can occur when the certificate presented by the target server is not signed by a well known root Certificate Authority. This is common when certificates are self-signed in a self-hosted network. Solution If your instance name does not contain ServiceNow, or you are self-hosted, then also add this parameter to the MID Server config.xml. Replace the value with your instance name. <parameter name="mid.ssl.bootstrap.default.target_endpoint" value="FQDN_OF_THE_INSTANCE"/> Note: DO NOT include https:// or http:// and trailing '/' in the value column. The following is a correctly formatted example: <parameter name="mid.ssl.bootstrap.default.target_endpoint" value="dimension.mycompany.com"/> Bootstrap policies will be used as system_defaults and are controlled exclusively by the defined checks in config.xml: <parameter name="mid.ssl.bootstrap.default.check_cert_hostname" value="false"/> <parameter name="mid.ssl.bootstrap.default.check_cert_chain" value="false"/> <parameter name="mid.ssl.bootstrap.default.check_cert_revocation" value="false"/> The same configuration parameters must to be set to false in the MID Server Certificate Check Policies table. Note: This solution only applies to self hosted customer. If no traffic leaves the customer network then all certificate policies can be turned off on the MID Server Certificate Check Policies table.