SSL certificate checks in Zapier

SSL certificates are a very important part of the internet. These certificates allow encrypted communication between your browser and https://zapier.com. They also allow your browser to guarantee you're actually looking at the webpage we intended. Both of these details prevent would-be attackers from snooping on your private browsing or business data.

SSL certificates are also widely used when dealing with APIs. The same technology that lets your computer's browser talk securely to https://zapier.com also allows Zapier to talk securely to other web services (like Gmail, Salesforce, or Zendesk) in order to access your data on your behalf.

In order for SSL certificates to work, both parties (i.e. your browser and https://zapier.com) must "trust" an independent third-party, known as a Certificate Authority (CA), who signs every SSL certificate they issue.

There are hundreds of CAs on the internet. In fact, for SSL to work properly, the list of CAs both parties "trust" must be continually updated. Zapier keeps our supported CAs synced with Mozilla.org's CA list.

How Zapier uses SSL certificates

Zapier checks the SSL certificate on every API call we make to ensure the data we send and receive is secure. Usually, the services we communicate with are responsible for setting up and managing the certificates, so users don't have to think about this part of the process.

Some services, however, allow you to specify your own domain (like Desk, JIRA, SugarCRM, Magento). In most cases, it's required that your domain also have its own SSL certificate for API communication to take place. More importantly, Zapier has to trust the CA that signed your SSL certificate!

It's possible that you'll purchase an SSL certificate that is issued by a CA that Zapier doesn't trust. This does not mean anything is wrong with that CA; we simply haven't added them to our list of trusted ones yet.

When Zapier encounters a certificate from an "untrusted" CA, you might see an error that the certificate verification failed.


Disable SSL certificate checks (not recommended)

In order to get around this verification step:

  • Go to your advanced settings.
  • Click SSL check.
  • Select the Disable SSL certificate checks checkbox.

This means both parties (your server and Zapier) don't have to trust the CA in order for communication to take place. You'll still need a signed SSL certificate, but Zapier won't enforce that it's valid.

Note

You should only do this as a last resort. Disabling SSL checks may enable an attacker to manipulate the data sent to Zapier or eavesdrop on data sent out of Zapier to websites with said SSL certificates. If you disable SSL checks and adding an account still yields an SSL error, it's highly recommended that you revert the option back to enabled and contact Zapier support.

Zapier respects this "disable" option on a case-by-case basis for services. If you come across a service where you're still hitting SSL errors even after disabling the check, let us know. Currently, this option only affects:

  • Desk
  • Jira
  • QuickBooks
  • Redmine
  • RSS
  • SugarCRM
  • Webhooks

Note

An "SSL" error doesn't necessarily imply a certificate problem. For example: "SSLERROR: The read operation timed out" is actually not a certificate problem. This error simply indicates the remote server didn't respond to our requests in a timely manner.
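Before resorting to the disable option, you can check from your own machine whether a failure against your domain is really a CA trust problem or something else, such as a timeout. The Python sketch below is an added example, not Zapier's code: `classify` and `check_host` are hypothetical names, the trust store defaults to the operating system's, and `cafile` is an optional path to a CA bundle of your choosing (for instance one derived from Mozilla's list, which is an assumption about your setup).

```python
import socket
import ssl

# OpenSSL X509 verify codes meaning the chain does not end at a trusted CA:
# 18/19 self-signed, 20/21 issuer not found in the local trust store.
UNTRUSTED_CA_CODES = {18, 19, 20, 21}
HOSTNAME_MISMATCH = 62
EXPIRED = 10


def classify(exc):
    """Map an exception from a verified TLS connection to a coarse cause."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        # verify_code is set by the ssl module on real handshake failures.
        code = getattr(exc, "verify_code", None)
        if code in UNTRUSTED_CA_CODES:
            return "untrusted-ca"
        if code == HOSTNAME_MISMATCH:
            return "hostname-mismatch"
        if code == EXPIRED:
            return "expired"
        return "certificate-other"
    # Timeouts can surface as socket.timeout or as an SSLError whose text
    # says "timed out"; neither one is a certificate problem.
    if isinstance(exc, (socket.timeout, TimeoutError)) or "timed out" in str(exc):
        return "timeout"
    if isinstance(exc, ssl.SSLError):
        return "tls-other"
    return "network-other"


def check_host(host, port=443, cafile=None, timeout=10.0):
    """Attempt a fully verified handshake; return 'ok' or a classify() label."""
    ctx = ssl.create_default_context(cafile=cafile)  # verification stays on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except (OSError, ValueError) as exc:
        return classify(exc)


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, check_host(name))
```

A result of `untrusted-ca` usually points at a missing intermediate certificate on the server or a CA outside the trust store; `timeout` points at the server or network rather than the certificate.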
