Hi everyone,
I’m facing a persistent connectivity issue with a custom Freshdesk app using invokeTemplate. The app has been working fine for months, but started failing immediately after we renewed the SSL certificate on our external API on November 13th.
The Symptoms:
Every request through invokeTemplate returns a 502 - Bad Gateway or “Connection Failed”.
The requests do not reach our server firewall (verified via network logs), meaning the connection is being dropped during the SSL handshake at the Freshworks proxy level.
Our Diagnostics:
Postman / Browsers: Work perfectly.
ngrok: If we tunnel the same API through ngrok, the app works perfectly (since ngrok provides its own valid SSL chain).
OpenSSL Check: Running openssl s_client -connect [domain]:443 -showcerts returns:
verify error:num=20:unable to get local issuer certificate
We are currently working with our IT team to ensure the intermediate certificates are correctly installed in our IIS. However, we have a specific concern regarding the Root CA.
The Question:
Our new certificate chain leads to:
Root CA: Sectigo Public Server Authentication Root R46 (Issued circa 2021).
We suspect the Freshworks platform’s trust store (Node.js/Java environments) might not yet include this relatively new Root CA.
Can anyone from the Freshworks team confirm if Sectigo Root R46 is included in the trusted CA bundle of the platform’s request proxy?
If it is not supported, is there a recommended “Cross-signed” bundle we should use to ensure compatibility?
Any insights from the community or the Freshworks engineering team would be greatly appreciated.
Best regards,