[keycloak-user] Help setup SSL certificate on keycloak

Sylvain Malnuit sylvain.malnuit at lyra-network.com
Thu Apr 18 03:15:12 EDT 2019


Francesco,

If you use the official Keycloak image, they introduced a cer file conversion
mechanism (see previous answer).

and
https://github.com/jboss-dockerfiles/keycloak/blob/master/server/tools/x509.sh

and readme
https://github.com/jboss-dockerfiles/keycloak/tree/master/server (find TLS)



Otherwise (custom Docker image), you must use the Wildfly mechanism and
implement the same mechanism to import your certificate.



If Keycloak (Wildfly) doesn't detect a jks, it will generate a jks with a
self-signed certificate (see warning in logs). In a Docker environment, you
can mount (secrets) your certificates and convert them to jks (see
KEYSTORES_STORAGE in the x509.sh script for example).



bye
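
The conversion discussed in this thread, as an added example that is not part of the original messages and is not the image's x509.sh: a `.cer` file holds only the certificate, so a keystore also needs the matching private key, and the script checks that the two belong together before building a PKCS#12 bundle and, when `keytool` is installed, a JKS. The paths, file names, alias and the `KEYSTORE_PASSWORD` variable are assumptions.

```shell
# Added example, not from the thread or the Keycloak image: turn a certificate
# file plus its private key into a keystore. Paths, file names and the alias
# are assumptions; set KEYSTORE_PASSWORD (6+ characters) before calling.

# A .cer file may be DER (binary) or PEM (text); normalise it to PEM.
cert_to_pem() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        cp "$1" "$2"
    else
        openssl x509 -inform DER -in "$1" -out "$2"
    fi
}

# Succeeds only when the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# build_keystore <cert.cer> <private.key> <output-dir> [alias]
build_keystore() {
    local cer="$1" key="$2" out="$3" name="${4:-server}"
    [ -n "${KEYSTORE_PASSWORD:-}" ] || { echo "KEYSTORE_PASSWORD not set" >&2; return 1; }
    export KEYSTORE_PASSWORD   # read via env: so it never appears in argv
    mkdir -p "$out" && cert_to_pem "$cer" "$out/server.pem" || return 1
    if ! key_matches_cert "$out/server.pem" "$key"; then
        echo "private key does not match certificate" >&2
        return 2
    fi
    # PKCS#12 bundle holding the key and certificate, readable by owner only.
    ( umask 077; openssl pkcs12 -export -in "$out/server.pem" -inkey "$key" \
        -name "$name" -out "$out/keystore.p12" \
        -passout env:KEYSTORE_PASSWORD ) || return 1
    # JKS conversion needs a JDK; skipped when keytool is not installed.
    command -v keytool >/dev/null 2>&1 || return 0
    rm -f "$out/keystore.jks"
    keytool -importkeystore -noprompt \
        -srckeystore "$out/keystore.p12" -srcstoretype PKCS12 \
        -srcstorepass:env KEYSTORE_PASSWORD \
        -destkeystore "$out/keystore.jks" -deststoretype JKS \
        -deststorepass:env KEYSTORE_PASSWORD >/dev/null 2>&1 || return 3
}
```

A return code of 2 means the key and certificate do not belong together, which is worth ruling out before looking at the server configuration.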



From: Francesco Longo [mailto:francesco.longo at linksfoundation.com]
Sent: Wednesday, 17 April 2019 17:53
To: Sylvain Malnuit <sylvain.malnuit at lyra-network.com>
Subject: Re: [keycloak-user] Help setup SSL certificate on keycloak



Hi! Thank you for your answer, but I can't understand. I have a valid
certificate (.cer file) and I don't understand how to import it on keycloak.
The problem is that I use keycloak in a docker container on a portainer
configuration. I provide HTTPS with a self-signed certificate running the
docker container and keycloak with a mapped port like 8443. Now I cannot
understand how to set up this certificate on keycloak and the
guide/tutorial is not so clear because I don't understand where to put the
.cer file and what file to edit...



Do I have to create a keystore from the .cer file?



Could you provide me with a more understandable procedure?

Thank you very much!



Francesco Longo
Researcher | Linksfoundation.com
  _____

From: Sylvain Malnuit <sylvain.malnuit at lyra-network.com>
Sent: Wednesday, April 17, 2019 16:05
To: Francesco Longo; keycloak-user at lists.jboss.org
Subject: RE: [keycloak-user] Help setup SSL certificate on keycloak



Hi,
It's an internal mechanism of Wildfly (see
http://www.mastertheboss.com/jboss-server/jboss-security/complete-tutorial-for-configuring-ssl-https-on-wildfly)
You create a keystore (jks) in an expected folder (or override the path
with a parameter) and declare the realm in Wildfly.

It's not very difficult. Follow the tutorial and it works fine.
Depending on the version of keycloak (associated Wildfly version - Elytron
or not), cli commands can be different.

Good luck

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org On Behalf Of Francesco Longo
Sent: Wednesday, 17 April 2019 15:31
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Help setup SSL certificate on keycloak

Good morning, I'm Francesco Longo and I'm a researcher at Links Foundation.
I'm trying to set up keycloak as an authentication and authorization service
for a European project and I have some problems setting up an SSL certificate.

I found a way to use HTTPS in keycloak using docker (just run the docker
image with the 8443 port mapping and it automatically creates a self-signed
certificate) but I'd like to put a valid SSL certificate because I get the
error "self signed certificate" when I do some requests to my keycloak
protected server...

I found your guide where it is explained how to put a certificate but it
is not clear to me where it is necessary to put the keystore file and what
file to edit or modify in order to have HTTPS.

I'll be very grateful if some of you could help me to solve my doubts.

Thank you very much for your availability.
Best regards,

Francesco Longo
Researcher | Linksfoundation.com
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user


