how to close 'SSL_CERT_VERIFY ' when gateway calling a rest tool whose protocol is https？

[hudiehule]

i want to create a rest tool. the url of tool is 'https:xxx'. then i get the error "httpcore.ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1010)" when calling the tool. how can i close the SSL_CERT_VERIFY when calling the tool.

[crivetimihai]

Hi @hudiehule, thanks for the detail. Could you confirm whether this is a server cert trust-chain issue or self-signed cert handling so I can direct you to exact config (SSL_VERIFY, cert chain, and transport overrides).

[crivetimihai]

Hi @hudiehule, to disable SSL certificate verification for REST tools calling HTTPS endpoints with self-signed certificates:

Set this environment variable:

SKIP_SSL_VERIFY=true

This disables SSL verification for all outbound HTTPS requests — REST tools, federation, upstream MCP servers, LLM providers, A2A agents (config.py:710-716). The httpx client sets verify=not settings.skip_ssl_verify (http_client_service.py:124).

In Docker Compose:

environment:
  SKIP_SSL_VERIFY: "true"

In Helm:

helm upgrade mcp-stack charts/mcp-stack -n mcp-private \
  --set "mcpContextForge.config.SKIP_SSL_VERIFY=true"

The value exists in values.yaml:364 and defaults to "false".

Security warning: This disables SSL verification globally. For production with self-signed or internal CA certs, the better approaches are:

1. Per-gateway CA certificate — add your CA cert when registering the upstream server:

POST /gateways
{
  "name": "my-server",
  "url": "https://my-server:9000",
  "ca_certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"
}

The ca_certificate field (db.py:4595) creates a custom SSL context for that specific gateway connection.

2. System trust store — add your CA certificate to the system's CA bundle so Python's SSL trusts it natively.