<div dir="ltr">You need to configure a truststore for the adapter. See <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config">http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config</a>.</div><div class="gmail_extra"><br><div class="gmail_quote">On 29 February 2016 at 13:57, Mark Hayen <span dir="ltr">&lt;<a href="mailto:m.hayen@first8.nl" target="_blank">m.hayen@first8.nl</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
We&#39;re running our application on Openshift Online.<br>
Of course it is secured by keycloak running in the same gear.<br>
<br>
The openshift webconsole offers the possibility to import the<br>
certificate etc.<br>
but when trying to access the application it throws the following error.<br>
<br>
ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default<br>
task-48) failed to turn code into token:<br>
javax.net.ssl.SSLHandshakeException:<br>
sun.security.validator.ValidatorException: PKIX path building failed:<br>
  sun.security.provider.certpath.SunCertPathBuilderException: unable to<br>
find valid certification path to requested target<br>
<br>
What do I have to do to enable keycloak to find the stuf it needs?<br>
<br>
Thank you<br>
Mark Hayen<br>
<a href="http://first8.nl" rel="noreferrer" target="_blank">first8.nl</a><br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div><br></div>