Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

I'm attempting to add a Social Login (generic, Keycloak) to my Ory project and running into an issue with Ory SaaS being able to validate my TLS certificates. I've run into this problem recently with my own self hosted things being signed by newer Let's Encrypt CAs that are not currently in Debians ca-certificates package. If by chance this was deployed with Distroless it would also have the same problem as most of the time ca-certificates is pulled in the Debian stable

yeah, it seems to be coming from <https://github.com/GoogleContainerTools/distroless/issues/753>, as we in fact do use distroless

we have no quick workaround for now, as we need to change our build procedure to ensure the certs are kept up to date regardless od distroless :thinking_face: