10:18 a.m.
Hi,
It may be a wildfly issue but i'm not sure.
I'm not root on the server (i can't do an update-ca-trust)
i configured an external IDP, when keycloak wants to exchange the code for
the ID token to the external IDP, i get a certificate exception.
I tried adding the certificate in the keystore.
There is no trustore.jks in the standalone.xml, i guess it's using the
system trustore
Should i create an empty trustore.jks and try to put it in the
standalone.xml ?
but i might loose other external IDP with real public certificate.
I'm sure it's very simple, but i can't get it to work.
I'll take any hints
I'll update if i find the solution.
Thanks
Amaury
11:17 a.m.
Hi,
i found a solution.
#i copy the system trustore
cp /etc/pki/java/cacerts $keycloak_cert_path/
#Then i import the new ca in the trustore copy
keytool -importcert -file $path_to_cert -keystore
$keycloak_cert_path/cacerts -alias "manual-self-signed" -noprompt
-storepass $mypassword
#then i add the option for starting the JVM
./standalone.sh -b $listening_address
*-Djavax.net.ssl.trustStore=$keycloak_cert_path/cacerts
-Djavax.net.ssl.trustStorePassword=**$mypassword "*
issue : if the system trustore is updated : this trick wont work.
Where should i put this trick so nobody with google have to loose 2 days on
this ?
On Fri, Sep 14, 2018 at 3:18 PM triton oidc <triton.oidc(a)gmail.com> wrote:
Hi,
It may be a wildfly issue but i'm not sure.
I'm not root on the server (i can't do an update-ca-trust)
i configured an external IDP, when keycloak wants to exchange the code for
the ID token to the external IDP, i get a certificate exception.
I tried adding the certificate in the keystore.
There is no trustore.jks in the standalone.xml, i guess it's using the
system trustore
Should i create an empty trustore.jks and try to put it in the
standalone.xml ?
but i might loose other external IDP with real public certificate.
I'm sure it's very simple, but i can't get it to work.
I'll take any hints
I'll update if i find the solution.
Thanks
Amaury
2278
days inactive
2281
days old
1 comments
1 participants
participants (1)
-
triton oidc