Skip to main content

NIM

Certificates

Certificates perform two functions in NIM:

Certificates are stored (encrypted) in C:\ProgramData\Tools4ever\NIM\config\certs.

All certificates imported into NIM must be in .pfx or .p12 format. Certificates used to connect to REST systems must be obtained from the provider (e.g., Microsoft or Google). For HTTPS, self-signed certificates may be used.

To import a certificate, Add a certificate.

To enable HTTPS, Configure HTTPS.

In order to be notified of a pending certificate expiration, follow along with the Certificate Expiration Notification Tutorial.

Troubleshooting

In some cases, the certificate list will not load. Inspect the NIM logs and look for errors such as the following:

{"context":"","level":"verbose","message":"ACME: HTTP request: get https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:42:27.325Z"}
{"context":"","level":"verbose","message":"ACME: Caught UNABLE_TO_GET_ISSUER_CERT_LOCALLY, retry attempt 1/5 to URL https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:42:27.408Z"}
{"context":"","level":"verbose","message":"ACME: Unable to locate or parse retry-after response header, waiting 5 seconds","timestamp":"2025-08-22T17:42:27.408Z"}
{"context":"","level":"verbose","message":"ACME: Caught UNABLE_TO_GET_ISSUER_CERT_LOCALLY, retry attempt 2/5 to URL https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:42:32.512Z"}
{"context":"","level":"verbose","message":"ACME: Unable to locate or parse retry-after response header, waiting 10 seconds","timestamp":"2025-08-22T17:42:32.512Z"}
{"context":"","level":"verbose","message":"ACME: Caught UNABLE_TO_GET_ISSUER_CERT_LOCALLY, retry attempt 3/5 to URL https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:42:42.604Z"}
{"context":"","level":"verbose","message":"ACME: Unable to locate or parse retry-after response header, waiting 15 seconds","timestamp":"2025-08-22T17:42:42.604Z"}
{"context":"","level":"verbose","message":"ACME: Caught UNABLE_TO_GET_ISSUER_CERT_LOCALLY, retry attempt 4/5 to URL https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:42:57.693Z"}
{"context":"","level":"verbose","message":"ACME: Unable to locate or parse retry-after response header, waiting 20 seconds","timestamp":"2025-08-22T17:42:57.693Z"}
{"context":"","level":"verbose","message":"ACME: Caught UNABLE_TO_GET_ISSUER_CERT_LOCALLY, retry attempt 5/5 to URL https://acme-v02.api.letsencrypt.org/directory","timestamp":"2025-08-22T17:43:17.764Z"}
{"context":"","level":"verbose","message":"ACME: Unable to locate or parse retry-after response header, waiting 25 seconds","timestamp":"2025-08-22T17:43:17.765Z"}

Such errors mean that there is an error in web filtering or there is a certificate that is not trusted. To resolve this issue, you can make a change to NIM's registry keys.

  1. On the NIM server, open the registry editor.

  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIM\.

  3. Create a new key called env.

  4. Depending on your need, create one or both of the following String values:

    1. NODE_EXTRA_CA_CERTS. NIM will trust certificate files listed in this value. Provide the full path to the .cer file. E.g., C:\ProgramData\Tools4ever\NIM\config\certs\MyCert.cer

    2. NODE_TLS_REJECT_UNAUTHORIZED. Set this value to 0 to allow NIM to accept unauthorized certificates.

cert-troubleshooting-regkeys.jpg