Hi,
I just moved my dev setup from HTTP to HTTPS. Right now I have a
self-signed cert.
What I do is, set up a cert the usual way and configure keycloak.
Everything is fine from the browser once I accept the cert.
Then my backend service keycloak.conf has 'https' now in it. All good. In
order to make my java service using keycloak client to trust it I have to
add the cert to the trust store.
I export the public cert
    keytool -export -keystore keycloak.jks -alias keycloak -file keycloak.cer
Then on the backend client, I import it to the default keystore
    keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -alias keycloak -file keycloak.cer
When I try and perform the first call on the backend service it is still
rejecting the cert for some reason? I can't get it to trust the thing.
2017-05-09 21:14:40,053 ERROR o.k.a.r.JWKPublicKeyLocator Error when sending request to retrieve realm keys
org.keycloak.adapters.HttpClientAdapterException: IO error
...
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_111]
...
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
If anyone has any insight it would be greatly appreciated
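
A check for the setup described above, as an added example that is not part of the original post: it compares the SHA-256 fingerprint of the certificate the server presents with the entry stored under the alias in the trust store. The host name keycloak.example.test, port 8443 and the store password are assumptions; the alias and cacerts path are the ones used in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Host, port and store password
# are assumptions ('changeit' is the JDK's default cacerts password).

# Reduce `keytool -list -v` or `openssl x509 -fingerprint -sha256` output
# (stdin) to the SHA-256 fingerprint as bare uppercase hex. Only a run of
# 32 colon-separated hex pairs matches, so MD5/SHA1 lines are skipped.
sha256_fp() {
    grep -Eio '([0-9a-f]{2}:){31}[0-9a-f]{2}' | head -n 1 |
        tr -d ':' | tr 'a-f' 'A-F'
}

# Fingerprint of the leaf certificate the server presents on the wire.
served_fp() {   # $1 = host, $2 = port
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | sha256_fp
}

# Fingerprint stored under an alias in a trust store. Point this at the
# store of the JRE that runs the backend service (its java.home, or the
# file named by -Djavax.net.ssl.trustStore), which may differ from the
# shell's $JAVA_HOME.
stored_fp() {   # $1 = keystore path, $2 = alias, $3 = store password
    keytool -list -v -keystore "$1" -alias "$2" -storepass "$3" | sha256_fp
}

# Prints match / mismatch / missing; returns 0 / 1 / 2.
compare_fp() {  # $1 = served fingerprint, $2 = stored fingerprint
    if [ -z "$1" ] || [ -z "$2" ]; then echo "missing"; return 2; fi
    if [ "$1" = "$2" ]; then echo "match"; else echo "mismatch"; return 1; fi
}

# Usage: sh check_trust.sh keycloak.example.test 8443
if [ "$#" -ge 2 ]; then
    compare_fp "$(served_fp "$1" "$2")" \
        "$(stored_fp "$JAVA_HOME/jre/lib/security/cacerts" keycloak changeit)"
fi
```

"mismatch" means the alias holds a different certificate than the one being served; "missing" means one side could not be read, for example the alias is absent from that store.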