Installing SSL certificate in Keycloak
How to create a self-signed SSL certificate?
Execute the following openssl commands:
Generates a new 2048-bit RSA private key and stores it in the file server.key
> openssl genrsa -out server.key
Creates a Certificate Signing Request (CSR) using the private key in server.key
> openssl req -new -key server.key -out server.csr
Creates a self-signed certificate using the information in the CSR and the private key.
> openssl x509 -req -in server.csr -signkey server.key -days 365 -out server.crt
After executing these commands there should be three files: server.key, server.csr and server.crt.
How to change the docker compose file for the SSL certificate?
Map the certificate volumes:
volumes:
  - ./conf/server.crt:/opt/keycloak/conf/server.crt
  - ./conf/server.key:/opt/keycloak/conf/server.key
Add the respective HTTPS port mapping (443 or 8443 on the host; Keycloak listens on 8443 inside the container):
ports:
  - "8443:8443"
Add the following environment variables:
environment:
  KC_HTTPS_CERTIFICATE_FILE: /opt/keycloak/conf/server.crt
  KC_HTTPS_CERTIFICATE_KEY_FILE: /opt/keycloak/conf/server.key
Then restart the Docker container and open https://<host-ip>:8443 in a browser.
Troubleshooting tips
Check that the HTTPS port is published by the Docker container, using docker ps:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f52bf6427e46 keycloak-keycloak_w "/opt/keycloak/bin/k…" About an hour ago Up About an hour 8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp keycloak_w
Check that the volume maps are correct. If they are not, the Keycloak server will not start and may print an error in the console logs. The "Is a directory" error below is the typical symptom of a bind mount whose host file did not exist when the container was first started, because Docker then creates an empty directory at that path instead of mounting a file:
keycloak_w | 2023-12-19 03:35:16,193 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
keycloak_w | 2023-12-19 03:35:16,193 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Is a directory
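The following pre-flight check ties the two halves of this page together: it catches the "Is a directory" mistake from the troubleshooting section before the container is started, and verifies that server.key actually belongs to server.crt. It is an added example, not part of the linked project; it assumes the host paths ./conf/server.crt and ./conf/server.key from the compose file above.

```shell
#!/bin/sh
# Pre-flight check for the Keycloak TLS files that docker compose bind-mounts
# into /opt/keycloak/conf (added example; paths are the ones used on this page).

# keycloak_tls_preflight CERT KEY  -> returns 0 if the files are usable, 1 otherwise
keycloak_tls_preflight() {
    cert="$1"
    key="$2"
    status=0

    # A bind mount to a host path that does not exist makes Docker create an
    # empty directory there, which is what produces "ERROR: Is a directory" in
    # the Keycloak log. Catch that before 'docker compose up'.
    for f in "$cert" "$key"; do
        if [ -d "$f" ]; then
            echo "FAIL: $f is a directory (was the host file missing on first start?)"
            status=1
        elif [ ! -f "$f" ]; then
            echo "FAIL: $f does not exist"
            status=1
        fi
    done
    [ "$status" -eq 0 ] || return 1

    # The certificate must carry the public key that belongs to server.key.
    # Comparing the PEM public keys (not the RSA modulus) also works for EC keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "FAIL: cannot parse certificate $cert"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "FAIL: cannot parse private key $key"; return 1; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"
        return 1
    fi

    # The certificate created with 'openssl x509 -days 365' silently expires;
    # warn when less than 30 days (2592000 s) are left.
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "WARN: $cert expires within 30 days"
    fi
    echo "OK: $cert and $key are consistent"
    return 0
}

# Stand-alone usage: ./keycloak_tls_preflight.sh ./conf/server.crt ./conf/server.key
if [ "$#" -ge 2 ]; then
    keycloak_tls_preflight "$1" "$2"
fi
```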
See the project at https://github.com/KavinduGayan/keycloak-docker-compose.git