mesosphere / traefik-forward-auth


Private CA for OIDC provider #16

Closed smerschjohann closed 4 years ago

smerschjohann commented 4 years ago

Thank you for this general OIDC addition.

I'm currently struggling with using a custom CA in my environment. The output is as follows:

$ kubectl logs traefik-auth-forward
time="2020-02-05T09:57:11Z" level=fatal msg="failed to get provider configuration: %vGet https://THE_OIDC_HOST/auth/realms/THE_REALM/.well-known/openid-configuration: x509: certificate signed by unknown authority"

It would be nice if it were possible to set a custom CA for the OIDC provider, as the whole application is only available in a private cloud.

Or is it already possible in some way?

smerschjohann commented 4 years ago

I figured it out: you just have to provide the CA certificate in /etc/ssl/certs/.

Nonetheless, another possibility to add certificates would be nice.

jr0d commented 4 years ago

@smerschjohann TFA is using the standard library HTTP server, which also supports the SSL_CERT_FILE environment variable.

smerschjohann commented 4 years ago

Thank you, good to know that there are multiple ways.
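The two fixes discussed in this thread (dropping the CA into /etc/ssl/certs/, or pointing SSL_CERT_FILE at it) both work because Go's crypto/x509 builds its system root pool from those locations on Linux. The example below, added here and not code from traefik-forward-auth, shows what is going on underneath and the third option the reporter asked for: loading the private CA explicitly into the pool used for the OIDC discovery request. It generates a throwaway private CA and a leaf certificate for a local TLS server, fetches a constructed discovery document with system roots only (which fails with the x509 "certificate signed by unknown authority" error from the issue), then again with the private CA appended to the system roots. The host name oidc.internal, the realm path, the function names and the JSON body are all invented for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// newPKI builds a throwaway private CA plus a leaf for 127.0.0.1 (where httptest listens) signed by it. Constructed for this example only.
func newPKI() (caPEM []byte, leaf tls.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, leaf, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example private CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, leaf, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, leaf, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "oidc.internal"}, // invented host
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caTmpl, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, leaf, err
	}
	caPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER})
	return caPEM, tls.Certificate{Certificate: [][]byte{leafDER}, PrivateKey: leafKey}, nil
}

// poolWithPrivateCA is the explicit alternative to a file in /etc/ssl/certs/: the system roots (on Linux this is
// where SSL_CERT_FILE / SSL_CERT_DIR are honoured, read once at first use) plus the CA certificate(s) in caPEM.
func poolWithPrivateCA(caPEM []byte) (*x509.CertPool, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // unreadable system store: trust only the private CA
	}
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificate found in PEM input")
	}
	return pool, nil
}

// clientWithRoots builds an http.Client whose TLS verification trusts exactly pool (nil means system roots).
func clientWithRoots(pool *x509.CertPool) *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}}}
}

// runScenario serves a constructed discovery document under the private CA and fetches it with system roots only
// (expected: x509.UnknownAuthorityError, as in the issue) and with the CA appended (expected: HTTP 200).
func runScenario() (gotUnknownAuthority bool, statusWithCA int, err error) {
	caPEM, leaf, err := newPKI()
	if err != nil {
		return false, 0, err
	}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Write([]byte(`{"issuer":"https://oidc.internal/auth/realms/demo"}`)) // constructed sample body
	}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{leaf}}
	srv.StartTLS()
	defer srv.Close()
	url := srv.URL + "/auth/realms/demo/.well-known/openid-configuration"
	_, err = clientWithRoots(nil).Get(url)
	var unknownCA x509.UnknownAuthorityError
	gotUnknownAuthority = errors.As(err, &unknownCA)
	pool, err := poolWithPrivateCA(caPEM)
	if err != nil {
		return gotUnknownAuthority, 0, err
	}
	resp, err := clientWithRoots(pool).Get(url)
	if err != nil {
		return gotUnknownAuthority, 0, err
	}
	resp.Body.Close()
	return gotUnknownAuthority, resp.StatusCode, nil
}
```

Two practical consequences of how Go loads roots: the system pool (and with it SSL_CERT_FILE and /etc/ssl/certs/) is read once, the first time the process verifies a certificate, so the CA file must be in place before the container process starts, and the environment-variable path only applies to Linux-style builds, not to macOS or Windows binaries, where Go uses the platform store instead. Appending the CA to a pool in code, as above, avoids both caveats and keeps the public roots intact, which is what an OIDC provider behind a private CA needs when the same process also talks to public endpoints.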