auth.md +19 −0
91 91
92These settings are commonly applied via managed configuration rather than per-user setup. See [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).92These settings are commonly applied via managed configuration rather than per-user setup. See [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).
93 93
94## Login diagnostics
95
96Direct `codex login` runs write a dedicated `codex-login.log` file under
97your configured log directory. Use it when you need to debug browser-login or
98device-code failures, or when support asks for login-specific logs.
99
100## Custom CA bundles
101
102If your network uses a corporate TLS proxy or private root CA, set
103`CODEX_CA_CERTIFICATE` to a PEM bundle before logging in. When
104`CODEX_CA_CERTIFICATE` is unset, Codex falls back to `SSL_CERT_FILE`. The same
105custom CA settings apply to login, normal HTTPS requests, and secure websocket
106connections.
107
108```shell
109export CODEX_CA_CERTIFICATE=/path/to/corporate-root-ca.pem
110codex login
111```
112
94## Login on headless devices113## Login on headless devices
95 114
96If you are signing in to ChatGPT with the Codex CLI, there are some situations where the browser-based login UI may not work:115If you are signing in to ChatGPT with the Codex CLI, there are some situations where the browser-based login UI may not work: