Re: [keycloak-user] Trouble with initial SSL handshake from client

Hi, I just moved my dev setup to from HTTP to HTTPS. Right now I have a self-signed cert. What I do is, set up a cert the usual way and configure keycloak. Everything is fine from the browser once I accept the cert. Then my backend service keycloak.conf has 'https' now in it. All good. In order to make my java service using keycloak client to trust it I have to add the cert to the trust store. I export the public cert > keytool -export -keystore keycloak.jks -alias keycloak -file keycloak.cer Then on the backend client, I import it to the default keystore > keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts > -alias keycloak -file keycloak.cer When I try and perform the first call on the backend service it is still rejecting the cert for some reason? I can't get it to trust the thing. 2017-05-09 21:14:40,053 ERROR o.k.a.r.JWKPublicKeyLocator Error when > sending request to retrieve realm keys org.keycloak.adapters.HttpClientAdapterException: > IO error > ... > Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: > PKIX path validation failed: java.security.cert.CertPathValidatorException: > signature check failed > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) > ~[?:1.8.0_111] > ... > Caused by: sun.security.validator.ValidatorException: PKIX path > validation failed: java.security.cert.CertPathValidatorException: > signature check failed If anyone has any insight it would be greatly appreciated