SSL Certificate Configuration

September 30, 2025 · View on GitHub

OptILLM now supports SSL certificate verification configuration to work with self-signed certificates or corporate proxies.

Usage

⚠️ WARNING: Only use this in development environments. Disabling SSL verification is insecure.

python optillm.py --no-ssl-verify

export OPTILLM_SSL_VERIFY=false
python optillm.py

For corporate environments with custom Certificate Authorities:

python optillm.py --ssl-cert-path /path/to/ca-bundle.crt

export OPTILLM_SSL_CERT_PATH=/path/to/ca-bundle.crt
python optillm.py

Option	Environment Variable	Default	Description
`--ssl-verify` / `--no-ssl-verify`	`OPTILLM_SSL_VERIFY`	`true`	Enable/disable SSL certificate verification
`--ssl-cert-path`	`OPTILLM_SSL_CERT_PATH`	`""`	Path to custom CA certificate bundle

SSL configuration applies to:

# Disable SSL verification temporarily
python optillm.py --no-ssl-verify --base-url https://localhost:8443/v1

# Use corporate certificate bundle
python optillm.py --ssl-cert-path /etc/ssl/certs/corporate-ca-bundle.crt

docker run -e OPTILLM_SSL_VERIFY=false optillm

Never disable SSL verification in production - This makes your application vulnerable to man-in-the-middle attacks
Use custom CA bundles instead - For corporate environments, provide the proper CA certificate path
Warning messages - When SSL verification is disabled, OptILLM will log a warning message for security awareness

Run the SSL configuration test suite:

python -m unittest tests.test_ssl_config -v

This validates: