How to set a trust Store for CA ?

[leonardostumpf]

Hello!

I'm trying to setup Authelia to use Stirling with OAUTH, but I'm finding trouble to make it trust the CA. Both are running in docker containers behind a reverse proxy with certificate issued by a private CA. Generally in other apps using an env var like NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt or bind mount /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro usually does the job to make them trust the SSL certificate, but in Stirling I keep receiving this error:

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://auth.server.lan/.well-known/openid-configuration": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In couple posts I saw people suggesting to add the settings below in the settings.yml or custom_settings.yml, but comment the settings and just use the truststore doesn't work, and I don't need Stirling to directly work with SSL, since the reverse proxy is doing this job.

server:
  #port: 4443
  ssl:
    #certificate: /configs/fullchain.pem
    #certificate-private-key: /configs/privkey.pem
    trust-certificate: /etc/ssl/certs/ca-certificates.crt

Suggestions?