I trying to setup a secure connection between Tulip and Highbyte & Node Red. I have a key/cert pair provided by IT but it only provides a corporate cert, it is not “chained” back to a root CA.
It’s interesting that insecure connections are allowed, but not self-signed certs or ones that can’t be tracked back to a root CA.
Is this intentional? Is there a work around?
Not clear what is connecting to what 
Are you writing from nodered into Highbyte?
I have the cert loaded to both Node Red and Highbyte (separate use cases).
The problem is that Tulip will not use the cert IT provided because it doesn’t chain all the way down to a root CA, and yet it does allow insecure connections.
Self-signed certs are not ideal, but refusing to use them while allowing insecure connections seems inconsistent.
Where exactly are you loading the certificate? And what method are you using to make the connection?
The cert is loaded into Node Red and Highbyte.
The problem is when I create the connector for the connector function, the Test fails with either self-signed-certificat, or with the IT cert, unable to verify the first certificate.
Ahh, ok I think I’m following now more. So you have an http endpoint node and you can connect just fine using http. But when you try to use https you throw errors. I always hate certs from what I know of self-signed-certs there would have to be a method to configure the connector to trust your CA, not impossible but not trivial. And as you have noticed with the other cert yes SSL is picky about verifying the chain. If you wanted that to work you could try the let’s encrypt route, or have IT give you a proper cert All that to say, I don’t think I mentioned anything you already don’t know