[keycloak-user] add self-signed certificate for external IDP without root access
triton oidc
triton.oidc at gmail.com
Mon Sep 17 12:17:47 EDT 2018
Hi,
I found a solution.

# I copy the system truststore
cp /etc/pki/java/cacerts $keycloak_cert_path/

# Then I import the new CA into the truststore copy
keytool -importcert -file $path_to_cert -keystore $keycloak_cert_path/cacerts \
    -alias "manual-self-signed" -noprompt -storepass $mypassword

# Then I add the options for starting the JVM
./standalone.sh -b $listening_address \
    -Djavax.net.ssl.trustStore=$keycloak_cert_path/cacerts \
    -Djavax.net.ssl.trustStorePassword=$mypassword

Issue: if the system truststore is updated, this trick won't work.
Where should I put this trick so nobody with Google has to lose 2 days on
this?
On Fri, Sep 14, 2018 at 3:18 PM triton oidc <triton.oidc at gmail.com> wrote:
> Hi,
>
> It may be a WildFly issue but I'm not sure.
> I'm not root on the server (I can't do an update-ca-trust).
> I configured an external IDP; when Keycloak wants to exchange the code for
> the ID token with the external IDP, I get a certificate exception.
>
> I tried adding the certificate to the keystore.
>
> There is no truststore.jks in the standalone.xml, I guess it's using the
> system truststore.
>
> Should I create an empty truststore.jks and try to put it in the
> standalone.xml?
> But I might lose other external IDPs with real public certificates.
>
> I'm sure it's very simple, but I can't get it to work.
>
> I'll take any hints.
> I'll update if I find the solution.
>
> Thanks
>
> Amaury
>