diff --git a/Data/Agent/agent.py b/Data/Agent/agent.py
index aaaa749..1647f78 100644
--- a/Data/Agent/agent.py
+++ b/Data/Agent/agent.py
@@ -931,8 +931,15 @@ class AgentHttpClient:
 context = None
 if isinstance(verify, str) and os.path.isfile(verify):
 try:
- context = ssl.create_default_context(cafile=verify)
+ # ``create_default_context`` expects a proper CA bundle and
+ # will reject self-signed leaf certificates that we pin on
+ # disk. Build a dedicated client context instead and load
+ # the pinned certificate as a trust anchor so the SYSTEM
+ # agent can complete TLS handshakes identical to Requests.
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
 context.check_hostname = False
+ context.verify_mode = ssl.CERT_REQUIRED
+ context.load_verify_locations(cafile=verify)
 _log_agent(
 f"SocketIO TLS alignment created SSLContext from cafile={verify}",
 fname="agent.log",
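Review bot: `context.check_hostname = False` is kept as a context line, so the new context validates the chain against `verify` but never matches the certificate to the host being contacted. That is only equivalent to pinning when the file holds the server's single self-signed certificate; if `verify` ever points at a CA bundle, any certificate issued under it for any name would be accepted. The added comment also says the handshake is "identical to Requests", but Requests still checks the hostname when given a `verify` path, so the two are not identical. I would either leave hostname checking on when the pinned certificate carries a matching SAN, or state the constraint next to the assignment, e.g. `# hostname check off: trust rests only on the pinned cert in verify; must not be a CA bundle`. The enclosing method starts and ends outside this hunk, so how a failed context build is handled is not visible here.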