Skip to content

Configuring trusted root certificates

If your server establishes connections to https://api.amdt.io, you must ensure that the server trusts the correct root certificate.

The need for manual intervention depends on your network configuration:

  • Behind an SSL/TLS Inspection Firewall: You’ll need to install the trusted root certificate on the firewall itself. Contact your firewall administrator or vendor for assistance.

  • Direct HTTPS Connections: If the server connects directly to api.amdt.io over HTTPS, Windows might automatically retrieve the required root certificate via the Automatic Root Certificates Update feature.

Info

Your network configuration may also impact the connection between the octoplant server and octoplant pro hub.

Check Automatic Root Certificates Update setting

To verify or configure this feature:

  1. Open Local Group Policy Editor by running the following command: gpedit.msc.

  2. Go to Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings > Automatic Root Certificates Update.

  3. Ensure Automatic Root Certificates Update is set to either:

    • Not Configured, or
    • Disabled

  4. To trigger the update manually, launch Microsoft Edge (not a third-party browser such as Firefox) on the server and go to https://api.amdt.io.

    • If the page loads without a certificate error, the required root certificate is likely installed.
    • A 404 - Not Found response is acceptable and simply indicates that the page itself does not exist.
      The critical point is that no certificate error occurs when establishing the secure connection.

Info

Always use Microsoft Edge for this check. Browsers like Firefox maintain their own certificate stores and do not reliably reflect Windows trust settings.

Manually importing the root certificate

If you continue to experience trust issues with https://api.amdt.io, you can manually import the required root certificate.
We recommend resolving the issue through automatic updates, but you can use manual import as an alternative.

Step 1 — Export the root certificate from a machine with internet access

  1. Open Command Prompt.

  2. Run the following command to generate a file containing all root certificates from Windows Update: certutil -generateSSTFromWU C:\AllRootCAs.sst

  3. Open the SST file in Windows Explorer: explorer C:\AllRootCAs.sst.

  4. In the Certificate Manager view, locate the Sectigo Public Server Authentication Root R46 certificate.

  5. Right-click the certificate and select All Tasks > Export.

  6. Use the wizard to export it as a DER encoded X.509 (.cer) file.

Step 2 — Import the root certificate on the server

  1. Transfer the exported .cer file to the target server.

  2. On the server, open the Certificate Manager by running certmgr.msc.

  3. In Certificate Manager, import the .cer file into the Trusted Root Certification Authorities store.

Once imported, the server should recognize api.amdt.io as a trusted host, enabling proper operation of VDogHubUpload.

For further details, consult the following Microsoft documentation: