# Troubleshooting ### Unable to communicate with the Automator service There are several reasons why Keeper Commander is unable to communicate with your Automator service: * Ensure that the automator service is open to Keeper’s IP addresses. The list of IPs that must be open are found at [this Ingress Requirements](/sso-connect-cloud/device-approvals/automator/ingress-requirements.md) page. We recommend also adding your own IP address so that you can troubleshoot the connection. * If you are using a custom SSL certificate, ensure that the SSL certificate is loaded. Check the Automator log files which will indicate if the certificate is loaded by the service restart. If the IP address is open to you, you can run a health check on the command line using curl, for example:\ `curl https://automator.mycompany.com/health` * Check that the subject name of the certificate matches the FQDN. * Check that your SSL certificate includes the CA intermediate certificate chain. This is the most common issue that causes a problem. Keeper will refuse to connect to Automator if the intermediate certificate chain is missing. You can do this using openssl like the following: {% code overflow="wrap" %} ``` openssl s_client -showcerts -servername automator.company.com -connect automator.company.com ``` {% endcode %} This command will clearly show you the number of certificates in the chain. If there's only a single cert, this means you did not load the full chain. To resolve this, see **Step 4** of the [Custom SSL Certificate](/sso-connect-cloud/device-approvals/automator/custom-ssl-certificate.md) step by step instructions page. ### 400 Error in Health Checks This may occur if the healthcheck request URI does not match the SSL certificate domain. To allow the healthcheck to complete, you need to disable SNI checks on the service. This can be accomplished by setting the **disable\_sni\_check=true** in the Automator configuration or passing in the environmental variable **DISABLE\_SNI\_CHECK** with the value of "**true**". --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/sso-connect-cloud/device-approvals/automator/troubleshooting.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.