Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello everyone, I am trying to configure kratos with _*selfservice*_ method `OIDC` with generic provider configuration.
I made everything work with an identity server hosted with SSL certificate from trusted authority (I used Let'sencrypt).

The problem is the whole solution is not working if I host the identity server with a _*self signed certificate*_. I couldn't find a way to provision the list of trusted authorities (CAs) in kratos config.
The error I am getting from kratos is like 'Self signed certificate found while discovery"
Can anybody suggest on this?

I assume you’re running Kratos from the official docker image. I think the best solution would be to add your self-signed certificate like suggested on <https://stackoverflow.com/a/67232164|StackOverflow>. This would mean that you create your own kratos image with a self-signed certificate added to trusted certificates.

The other option would be to modify kratos to accept TLS verification which would bypass the certificate but this is bad from a security perspective, plus you would still have to create a docker image based on the modified code. Option #1 sounds better :slightly_smiling_face: