diff --git a/Enabling-SSO-support-using-OpenId-Connect.md b/Enabling-SSO-support-using-OpenId-Connect.md
index 39050cd..e9ed89b 100644
--- a/Enabling-SSO-support-using-OpenId-Connect.md
+++ b/Enabling-SSO-support-using-OpenId-Connect.md
@@ -31,6 +31,8 @@ The following configurations are available
 
 The callback URL is [automatically generated](https://github.com/dani-garcia/vaultwarden/blob/1e1f9957cd037fad87e5cd33245720f865942016/src/config.rs#L1333) from the `DOMAIN`. If you set `DOMAIN=https://vaultwarden.example.tld` your callback URL will be `https://vaultwarden.example.tld/identity/connect/oidc-signin`.
 
+If you are using a private certificate authority or self signed certificates on your SSO authority, you need to add your root certificate to `/etc/ssl/certs` or point the `SSL_CERT_DIR` or `SSL_CERT_FILE` environment variables to it.
+
 ## Account and Email handling
 
 When logging in with SSO an identifier (`{iss}/{sub}` claims from the IdToken) is saved in a separate table (`sso_users`).