Re: [keycloak-user] Realm Certificate from commercial Vendors
We don't support uploading the realm keys through the admin console at the
moment. However, you should be able to use the admin endpoints to manually
set it. Should be relatively easy to add though, so you can create a JIRA
to request it, but you're actually the first to request it.
With regards to clients we don't have an elegant way to deal with this.
What we have is if the public key is not specified in the client config it
will download it from Keycloak at startup, so if you restart your clients
after creating new keys it should work. Ideally Keycloak should send a
message to the clients to notify them that the keys have changed so they
can re-fetch from Keycloak, but that hasn't been implemented yet. Again,
feel free to request that.
On 25 January 2016 at 11:50, Raghuram Prabhala <prabhalar(a)yahoo.com> wrote:
Dev team - any comments on the commercial certificates instead of the
ones
created by Keycloak?
Raghu
------------------------------
*From:* Raghuram Prabhala <prabhalar(a)yahoo.com>
*To:* Keycloak-user <keycloak-user(a)lists.jboss.org>
*Sent:* Thursday, January 21, 2016 2:23 PM
*Subject:* Realm Certificate from commercial Vendors
I have a question about the Certificate/private key which is generated
today by Keycloak. But rather than use that certificate ,is there any way
we can use a commercial Certificate from Vendors like Verisign? When that
certificate expires, how do we generate/upload a new certificate
(lifecycle) and handle the switch over to a new certificate with minimal
impact to any of the client who will have to download the new certificate
and use it when KC starts using the new one?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 3.4 KB)