<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Courier New, courier, monaco, monospace, sans-serif;font-size:13px"><div><span>Dev team - any comments on the commercial certificates instead of the ones created by Keycloak?</span></div><div><span><br></span></div><div><span>Raghu</span></div><div class="qtdSeparateBR" id="yui_3_16_0_1_1453718257603_4365"><br></div><div class="yahoo_quoted" id="yui_3_16_0_1_1453718257603_4370" style="display: block;"> <div style="font-family: Courier New, courier, monaco, monospace, sans-serif; font-size: 13px;" id="yui_3_16_0_1_1453718257603_4369"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_1_1453718257603_4368"> <div dir="ltr" id="yui_3_16_0_1_1453718257603_4367"> <font size="2" face="Arial" id="yui_3_16_0_1_1453718257603_4366"> <hr size="1" id="yui_3_16_0_1_1453718257603_4391"> <b id="yui_3_16_0_1_1453718257603_4390"><span style="font-weight:bold;" id="yui_3_16_0_1_1453718257603_4389">From:</span></b> Raghuram Prabhala <prabhalar@yahoo.com><br> <b id="yui_3_16_0_1_1453718257603_4393"><span style="font-weight: bold;" id="yui_3_16_0_1_1453718257603_4392">To:</span></b> Keycloak-user <keycloak-user@lists.jboss.org> <br> <b id="yui_3_16_0_1_1453718257603_4395"><span style="font-weight: bold;" id="yui_3_16_0_1_1453718257603_4394">Sent:</span></b> Thursday, January 21, 2016 2:23 PM<br> <b id="yui_3_16_0_1_1453718257603_4397"><span style="font-weight: bold;" id="yui_3_16_0_1_1453718257603_4396">Subject:</span></b> Realm Certificate from commercial Vendors<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_1_1453718257603_4373"><br><div id="yiv3614585423"><div id="yui_3_16_0_1_1453718257603_4372"><div style="color:#000;background-color:#fff;font-family:Courier New, courier, monaco, monospace, sans-serif;font-size:13px;" id="yui_3_16_0_1_1453718257603_4371"><div id="yiv3614585423yui_3_16_0_1_1453401284652_4430"><br></div><div id="yiv3614585423yui_3_16_0_1_1453401284652_4430">I have a question about the Certificate/private key which is generated today by Keycloak. But rather than use that certificate ,is there any way we can use a commercial Certificate from Vendors like Verisign? When that certificate expires, how do we generate/upload a new certificate (lifecycle) and handle the switch over to a new certificate with minimal impact to any of the client who will have to download the new certificate and use it when KC starts using the new one?</div><div id="yiv3614585423yui_3_16_0_1_1453401284652_4430" dir="ltr"><br></div><div id="yiv3614585423yui_3_16_0_1_1453401284652_4430" dir="ltr"><br></div></div></div></div><br><br></div> </div> </div> </div></div></body></html>