[keycloak-user] Keycloak realm certificates export

Jamie McDowell jambo_mcd at yahoo.co.uk
Mon Nov 5 07:34:06 EST 2018 

Hi Dmitry,
Thanks for your response. I can confirm that this does provides the certs however this seems to be encrypted. 
Do you know how we can recreate this to provide the value that is visible in Keycloak console? I need to be able to get the decrypted value of the cert so i can pass this over to another application. 
Regards,
Jamie 

    On Tuesday, 30 October 2018, 03:13:17 GMT, Dmitry Telegin <dt at acutus.pro> wrote:  
 
 Hello Jamie,

Just FYU, there is also certificate endpoint that does not require authentication:
http://localhost:8080/auth/realms/master/protocol/openid-connect/certs
(replace your server name, port and realm)

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro


On Mon, 2018-10-29 at 15:34 +0000, Jamie McDowell wrote:
> I have managed to obtain just the certificate using the below command in case anyone needs this in future
>  /opt/jboss/keycloak/bin/kcadm get keys \--server <url> \--realm master \--user <user> \--password <password> \-r <realm> | grep "certificate*"
> Regards,
> Jamie 
> 
>     On Monday, 29 October 2018, 11:56:25 GMT, Jamie McDowell <jambo_mcd at yahoo.co.uk> wrote:  
>  
>  Hi,
> 
> I am trying to find a way to be able to retrieve a realm certificate which can then be passed to Knox. When a realm is deployed, it generates a new public key, therefore any Knox Configuration would have to be updated with new corresponding certificates. 
> Knox is used to decrypt singed JWT's.
> Is this something that can be achieved?
> I have tried running kcadm to pull the certificate details however i am unable to provide only the cert details which i would then want to output into another file.
> Examples of kcadm 
> /opt/jboss/keycloak/bin/kcadm get keys \--server <url> \--realm master \--user <user> \--password <password> \-r <realm>
> Regards,
> Jamie    
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list