Morteza Malvandi

Reputation: 1724

How to fix unsecured jwt-set-uri in Spring Security OAuth?

I'm using Keycloak as the authorization server and a Spring Boot application as the resource server. Keycloak works with a self-signed TLS certificate. When I open the Keycloak jwk-set-uri, it looks as follows:


The response, formatted as JSON, is as follows:

{
  "keys": [
    {
      "kid": "pI7XwYgG2l2ehgGg3XQ-N6Jc41_txjSzMQMWzLeyaiw",
      "kty": "RSA",
      "alg": "RS256",
      "use": "sig",
      "n": "nwGwgRywBMlKZreioz1nlo-PKWi...",
      "e": "AQAB",
      "x5c": [
        "MIICoTCCAYkCBgFte4jKkTANBgkqhki...jzxMCZL3Xkd4rs="
      ],
      "x5t": "CqljUhhfTCOMFMxORUXeotcSYxk",
      "x5t#S256": "4nlGCmpr6OYYHfkylCp2GGt9iefPRv_aq1DB..."
    }
  ]
}

And the JwtDecoder bean is defined as follows:

// Decoder that fetches the token signing keys from Keycloak's JWK Set endpoint
@Bean
public JwtDecoder jwtDecoder() {
    return NimbusJwtDecoder.withJwkSetUri("https://192.168.1.4:8080/.../openid-connect/certs").build();
}

When I set jwkSetUri with the https pattern, the application doesn't work correctly, but if I set it with the http pattern, the application works correctly. Where is the problem? How can I fix it?

Upvotes: 2

Views: 2321

Answers (1)

Morteza Malvandi

Reputation: 1724

The problem is that the self-signed TLS certificate is not registered in the JVM, so it must be registered as follows:

  1. Export the certificate from the browser.
  2. Import the certificate into the JVM with the command
       keytool -import -alias example -keystore "C:\Program Files)\Java\jre1.6.0_22\lib\security\cacerts" -file certificate.cer
     or
       keytool -importcert -file certificate.cer -keystore "C:\Program Files)\Java\jre1.6.0_22\lib\security\cacerts" -alias example
     It will ask for a password; the JVM default password is changeit.
  3. Now restart the PC and then it will work insha'allah.

Upvotes: 2
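An alternative to editing the JVM-wide cacerts, shown as an added example that is not part of the original answer: the decoder can be given its own HTTP client that trusts only a dedicated truststore holding the exported Keycloak certificate, so trust is not widened for every other TLS connection the JVM makes. The truststore file name, its password and the class name are assumptions; the URI is the one from the question, with its path still elided.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.web.client.RestTemplate;

@Configuration
public class JwkTrustConfig { // hypothetical class name
    // Assumed truststore, created from the exported certificate with:
    //   keytool -importcert -file certificate.cer -keystore keycloak-trust.p12 -storetype PKCS12 -alias keycloak
    private static final String TRUSTSTORE_PATH = "keycloak-trust.p12";          // assumed file name
    private static final char[] TRUSTSTORE_PASSWORD = "changeit".toCharArray(); // placeholder password
    // URI from the question; the elided part of the path must be filled in.
    private static final String JWK_SET_URI = "https://192.168.1.4:8080/.../openid-connect/certs";

    @Bean
    public JwtDecoder jwtDecoder() throws Exception {
        // Load only the Keycloak certificate; nothing else becomes trusted.
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(TRUSTSTORE_PATH))) {
            trustStore.load(in, TRUSTSTORE_PASSWORD);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);

        // Hostname verification stays enabled, so the certificate must list the
        // host used in the URI (here an IP address) as a subject alternative name.
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory() {
            @Override
            protected void prepareConnection(HttpURLConnection connection, String httpMethod) throws IOException {
                if (connection instanceof HttpsURLConnection) {
                    ((HttpsURLConnection) connection).setSSLSocketFactory(sslContext.getSocketFactory());
                }
                super.prepareConnection(connection, httpMethod);
            }
        };
        return NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(new RestTemplate(factory)).build();
    }
}
```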
