[keycloak-user] import SAML keys via command line

John Dennis jdennis at redhat.com
Tue Sep 19 11:24:35 EDT 2017


On 09/19/2017 06:43 AM, Pieter Lukasse wrote:
> Hi,
> 
> I have a .jks file which I would like to import into keycloak using the
> command line instead of the "SAML keys" page (in SAML client config page).
> 
> I cannot find any command for this here
> http://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html
> 
> Is this just missing or is the documentation incomplete? Can someone help
> me on this one?

You can import using the Java keytool utility, but the import format 
MUST be PKCS12.

Note: replace xxx, key.pem & cert.pem with appropriate values, hopefully 
it should be obvious which xxx matches in each command.

First create a .p12 PKCS12 file:

% openssl pkcs12 -export -name xxx -passout pass:xxx -in cert.pem -inkey key.pem -out xxx.p12

Then import the .p12 PKCS12 file into the keystore:

% keytool -importkeystore -srckeystore xxx.p12 -srcstoretype PKCS12 -srcstorepass xxx -destkeystore keycloak.jks -deststorepass xxx -alias xxx



-- 
John
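
Added example, not part of the message above and not Keycloak project code: the two steps as one shell function that reads the password from a file instead of the command line (openssl's "file:" source and keytool's ":file" option modifier), then checks that the alias was stored as a PrivateKeyEntry. The function names, the password-file argument and the explicit -deststoretype JKS are assumptions of this example.

```shell
#!/bin/sh
# Added example: PEM cert + key -> PKCS12 -> keystore, password read from a file.

# import_pem_to_jks CERT KEY ALIAS PASSFILE KEYSTORE
# PASSFILE (hypothetical helper argument) holds the password on its first line.
import_pem_to_jks() (
    cert=$1; key=$2; alias=$3; passfile=$4; keystore=$5
    umask 077                      # the temporary PKCS12 holds the private key
    p12=$(mktemp) || exit 1

    # Step 1: bundle certificate and key into PKCS12.
    # "file:" replaces "pass:" so the password is not in the argument list.
    if ! openssl pkcs12 -export -name "$alias" -passout "file:$passfile" \
            -in "$cert" -inkey "$key" -out "$p12"; then
        rm -f "$p12"; exit 1
    fi

    # Step 2: copy the entry into the destination keystore.
    # ":file" is keytool's counterpart of openssl's "file:".
    # -deststoretype JKS is this example's choice (JDK 9+ defaults to PKCS12).
    keytool -importkeystore -noprompt \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:file "$passfile" \
        -destkeystore "$keystore" -deststoretype JKS \
        -deststorepass:file "$passfile" -srcalias "$alias" >/dev/null 2>&1
    rc=$?
    rm -f "$p12"
    exit "$rc"
)

# entry_type KEYSTORE ALIAS PASSFILE
# Prints the entry type; a signing key must be a PrivateKeyEntry,
# a certificate imported without its key shows as trustedCertEntry.
entry_type() {
    out=$(keytool -list -keystore "$1" -alias "$2" -storepass:file "$3" 2>/dev/null) || return 1
    case $out in
        *PrivateKeyEntry*)  echo PrivateKeyEntry ;;
        *trustedCertEntry*) echo trustedCertEntry ;;
        *) return 1 ;;
    esac
}

# Run only when the script is called with the five arguments.
if [ "$#" -eq 5 ]; then
    import_pem_to_jks "$@" && entry_type "$5" "$3" "$4"
fi
```

keytool rejects keystore passwords shorter than six characters, so the password file must hold at least that many.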

