[keycloak-user] Trouble with initial SSL handshake from client
Chris Benninger
cbenninger at phemi.com
Tue May 9 17:27:17 EDT 2017
Hi,
I just moved my dev setup from HTTP to HTTPS. Right now I have a
self-signed cert.
What I do is, set up a cert the usual way and configure keycloak.
Everything is fine from the browser once I accept the cert.
Then my backend service keycloak.conf has 'https' now in it. All good. In
order to make my Java service using the Keycloak client trust it, I have to
add the cert to the trust store.
I export the public cert
> keytool -export -keystore keycloak.jks -alias keycloak -file keycloak.cer
Then on the backend client, I import it to the default keystore
> keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -alias keycloak -file keycloak.cer
When I try and perform the first call on the backend service it is still
rejecting the cert for some reason? I can't get it to trust the thing.
> 2017-05-09 21:14:40,053 ERROR o.k.a.r.JWKPublicKeyLocator Error when sending request to retrieve realm keys
> org.keycloak.adapters.HttpClientAdapterException: IO error
> ...
> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_111]
> ...
> Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
If anyone has any insight it would be greatly appreciated
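
A check that fits the export/import procedure described in the message above, added here as an example and not part of the original post: it compares the SHA-256 fingerprint of the certificate the server presents with the entry stored under the alias in the trust store. The function names, the `STOREPASS` variable and the `changeit` default password are assumptions; `openssl` and `keytool` must be on the PATH.

```shell
#!/bin/sh
# Added example: compare the certificate a TLS server presents with the one
# stored under an alias in a Java trust store. Names here are hypothetical.

# Reduce "SHA256 Fingerprint=AB:CD:..." (any case) to bare lowercase hex.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ': ' | tr 'A-F' 'a-f'
}

# Succeed only if both fingerprints are non-empty and identical.
same_fp() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    [ -n "$a" ] && [ -n "$b" ] && [ "$a" = "$b" ]
}

# SHA-256 fingerprint of the leaf certificate presented by host:port.
server_fp() {
    openssl s_client -connect "$1" -servername "${1%%:*}" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# SHA-256 fingerprint of the entry stored under an alias in a keystore.
store_fp() {
    keytool -exportcert -rfc -keystore "$1" -alias "$2" -storepass "$3" 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

main() {
    hostport=$1
    store=${2:-$JAVA_HOME/jre/lib/security/cacerts}   # path used in the post
    alias_name=${3:-keycloak}                         # alias used in the post
    pass=${STOREPASS:-changeit}                       # assumed default cacerts password
    presented=$(server_fp "$hostport") || true
    trusted=$(store_fp "$store" "$alias_name" "$pass") || true
    echo "presented: $(normalize_fp "$presented")"
    echo "trusted:   $(normalize_fp "$trusted")"
    if same_fp "$presented" "$trusted"; then
        echo "MATCH: the trust store entry is the certificate the server presents"
    else
        echo "MISMATCH or missing: the trust store does not hold the presented certificate"
        return 1
    fi
}

# Run only when called with arguments: host:port [truststore] [alias]
if [ "$#" -ge 1 ]; then main "$@"; fi
```

Run it with the same JVM's `cacerts` path that the backend service actually starts with; an empty `trusted:` line means the alias was not found in that file.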