Unable to pass CA certificate to validate OIDC provider tls connection

[nodje]

Using container deployment, I'm unable to start SFTPgo 2.6.3 with an OIDC config since it can't verify the OIDC provider's certificate.
Is there an option to pass a CA cert that would be processed and added to the container's system CA chain?

Or even to deactivate SSL cert check when communicating with the OIDC provider?

Because the container fails to start with

sftpgo  | {"level":"error","time":"2024-12-10T08:40:22.131","sender":"service","message":"could not start HTTP server: oidc: unable to initialize provider for URL \"https://keycloak.local.com/realms/ligoj\": Get \"https://keycloak.local.com/realms/ligoj/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority"}

I can even try to install the CA manually in the container to validate the config.

Unless someone has a clue, I'll post this as a bug since there's really a need to provide the CA certificate to SFTPgo for it to be integrated in an env with it's own PKI.

I can see another request asking the same question #1679

[nodje]

PS: I've tried passing a CA cert with the Httpd config option ca_certificates within docker:
SFTPGO_HTTPD__CA_CERTIFICATES=/tmp/rootCA.crt

but I kept having the same issue.
I'm not sure it would be used when accessing the OIDC server though.