Proper way to add custom root CA certificates ? #6263
-
Hello, I'm trying to make OIDC work for Paperless with Keycloak and Smallstep's step-ca (a private CA that can act as an ACME server). These services are deployed through Docker, and Traefik handles the proxying and the certificate requests. I've made a custom Paperless image to add my root CA certificate to its trust store.
I've added the following variables to my docker-compose.yml:
I'm able to curl the given URL from the paperless container without issues, but Django does not seem to be aware of this certificate. I get a Server Error (500) when I try to sign in to Paperless:
I suppose it should be possible, as I've been able to make OIDC work for Forgejo with the same method. I've also tried PAPERLESS_EMAIL_CERTIFICATE_LOCATION as discussed in #5114, but no luck. Is there a proper way to make Paperless / Django aware of a private root CA certificate?
Replies: 3 comments 2 replies
-
What does this output? Does it recognize a new certificate was added? You might also want to ask the allauth users, https://github.com/pennersr/django-allauth/discussions
-
The django-allauth maintainer pointed me in the right direction #3716. The key was to add the REQUESTS_CA_BUNDLE to my docker-compose.yml.
There may be side effects, as mentioned in the link he gave me.
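Why curl succeeds while the Django login fails, as an added example that is not part of the original discussion or of Paperless or django-allauth code: python-requests verifies against its own bundle unless `REQUESTS_CA_BUNDLE` (or `CURL_CA_BUNDLE`) is set, so a root added only to the OS trust store is never seen. The function names, file names and the placeholder PEM blocks below are assumptions made for this sketch.

```python
import base64
import hashlib
import os
import ssl
import tempfile
from pathlib import Path

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def effective_ca_bundle(env=None):
    """(source, path) of the CA bundle python-requests verifies against."""
    env = os.environ if env is None else env
    for name in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
        if env.get(name):
            return name, env[name]
    try:
        import certifi  # requests' default bundle, not the OS trust store
        return "certifi", certifi.where()
    except ImportError:
        return "certifi", None


def fingerprints(pem_text):
    """SHA-256 fingerprint of every certificate block in a PEM string."""
    blocks = [c.split(END)[0] for c in pem_text.split(BEGIN)[1:]]
    return {hashlib.sha256(ssl.PEM_cert_to_DER_cert(BEGIN + b + END)).hexdigest()
            for b in blocks}


def bundle_trusts(root_pem, bundle_path):
    """True if the root CA in root_pem is present in the bundle file."""
    wanted = fingerprints(root_pem)
    return bool(wanted) and wanted <= fingerprints(Path(bundle_path).read_text())


def fake_pem(label):
    # Constructed placeholder, not a real certificate; only its bytes are hashed.
    return f"{BEGIN}\n{base64.encodebytes(label).decode()}{END}\n"


def demo():
    root, public = fake_pem(b"private root CA"), fake_pem(b"public CA")
    with tempfile.TemporaryDirectory() as tmp:
        default, system = Path(tmp, "certifi.pem"), Path(tmp, "system.crt")
        default.write_text(public)        # stands in for requests' default bundle
        system.write_text(public + root)  # stands in for the image's trust store
        source, path = effective_ca_bundle({"REQUESTS_CA_BUNDLE": str(system)})
        return bundle_trusts(root, default), source, bundle_trusts(root, path)
```

The variable replaces the default bundle rather than extending it, so the file it points to also has to contain the public CAs for any other HTTPS endpoints the application calls.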
-
This discussion has been automatically locked since there has not been any recent activity after it was closed. Please open a new discussion for related concerns. See our contributing guidelines for more details.