SSL Error when using custom sign-on


(Caleb Richard) #1

Hi all,

On my instance of discourse, I currently have a custom OAuth login method. However, Discourse seems to not trust the SSL certificate from my login method. This particular login is used on other sites, so I know the problem is not an invalid SSL certificate. I’ve seen some threads where others have simply disabled SSL for login. For the time being, I have done the same, and login works.

IMPORTANT: To anyone reading this who has a similar problem, disabling SSL is a terrible, non-permanent solution with serious security drawbacks.

So, knowing that disabling SSL is not a good way to fix the issue, has anyone else had experience with this issue? Or could anyone point me to how discourse handles SSL so I could better understand how to solve this problem?

Thanks for all your help.


(Jeff Atwood) #2

Any thoughts on this @sam?


(Caleb Richard) #3

It might also be worth noting that that SSL certificate is accepted when discourse requests a temporary token, but not when it requests the access token.