[keycloak-user] Keycloak realm certificates export
Dmitry Telegin
dt at acutus.pro
Mon Oct 29 23:13:13 EDT 2018
Hello Jamie,
Just FYU, there is also certificate endpoint that does not require authentication:
http://localhost:8080/auth/realms/master/protocol/openid-connect/certs
(replace your server name, port and realm)
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
On Mon, 2018-10-29 at 15:34 +0000, Jamie McDowell wrote:
> I have managed to obtain just the certificate using the below command in case anyone needs this in future
> /opt/jboss/keycloak/bin/kcadm get keys \--server <url> \--realm master \--user <user> \--password <password> \-r <realm> | grep "certificate*"
> Regards,
> Jamie
>
> On Monday, 29 October 2018, 11:56:25 GMT, Jamie McDowell <jambo_mcd at yahoo.co.uk> wrote:
>
> Hi,
>
> I am trying to find a way to be able to retrieve a realm certificate which can then be passed to Knox. When a realm is deployed, it generates a new public key, therefore any Knox Configuration would have to be updated with new corresponding certificates.
> Knox is used to decrypt singed JWT's.
> Is this something that can be achieved?
> I have tried running kcadm to pull the certificate details however i am unable to provide only the cert details which i would then want to output into another file.
> Examples of kcadm
> /opt/jboss/keycloak/bin/kcadm get keys \--server <url> \--realm master \--user <user> \--password <password> \-r <realm>
> Regards,
> Jamie
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list