I’m beginning my API development by interacting with the existing API branch and working my way through all the OpenID stuff and hopefully, ultimately, getting an existing service (such as like) to work. By “existing” I’m talking about code off of the API branch in Frank Rousseau’s fork which I’m contributing to until we get that longer lived feature branch etc. in the main repo (if we decide to do that). As it stands right now if I disable the HTTPS requirement and make a call into the authentication system I’m getting a “Can’t verify CSRF token authenticity” error in the OpenID authorization control. This sounds to me like an artifact of not having an HTTPS connection. I therefore enabled HTTPS only but FireFox is complaining about a failed connection because of the error SSL_ERROR_RX_RECORD_TOO_LONG. I’m trying to determine how to install the SSL certificates in the app that fires up when you call script/server but I haven’t been able to figure it out. Can someone point me to where I’m missing that step in the documentation I’m missing it or shed some light on where in the configuration I tell it which certificates to use?