--- title: OpenSSL Certificate Verification Depth description: (OpenSSL only) Specifies how deeply the agent verifies AM's server certificate before deciding the certificate is not valid. component: web-agents version: 2025.11 page_id: web-agents:properties-reference:org.forgerock.agents.config.cert.verify.depth canonical_url: https://docs.pingidentity.com/web-agents/2025.11/properties-reference/org.forgerock.agents.config.cert.verify.depth.html --- # OpenSSL Certificate Verification Depth (OpenSSL only) Specifies how deeply the agent verifies AM's server certificate before deciding the certificate is not valid. The depth is the maximum number of CA certificates that are followed while verifying the server certificate. If the certificate chain is longer than allowed, the certificates above the limit are ignored. The property accepts the following values: * `0`: Only self-signed certificates are accepted. * `1`: Client certificates can be self-signed or must be signed by a CA which is directly known to the agent container. * `2` or more: A chain of the specified number of certificates, including the previous ones. For example, the value `5` allows certificates from level `0` to level `5`. This property is relevant only when server certificates are validated ([Server Certificate Trust](com.sun.identity.agents.config.trust.server.certs.html) is `false`). Default: `9` | | | | ------------------ | ----------------------------------------------------------------------------- | | Property name | `org.forgerock.agents.config.cert.verify.depth`   Introduced in Web Agent 4.x | | Function | Encryption | | Type | Integer | | Bootstrap property | Yes | | Required property | No | | Restart required | No |