[keycloak-user] Download and import X.509 client certificate from Keycloak

[Wei He]

Hello dear all,

A question about the process to get the client X.509 certification:

I set up the Keycloak 4.8.2-Final on my localhost and enabled the SSL as described in the documenthttps://www.keycloak.org/docs/latest/server_admin/index.html#_x509.

The server could start but I could not open the server page on the localhost:8443 (openssl s_client -connect 127.0.0.1:8443) due to the SSL error code 42 (4566025836:error:1401E412:SSL routines:CONNECT_CR_FINISHED:sslv3 alert bad certificate:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.230.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL alert number 42), which means that the client certificate problem. But my imagination was that the server should redirect me to the login page. After I logged in, the server should generate the client certificate and ask me to download the certification and import it to my browser. After that I should be able to connect to the server without any further authentication, because I already had the client certificate trusted by the Keycloak.

What did I do wrong? Or this process is not supported by the current keycloak yet?

Thanks a lot!

Wei He