Enabling-ssl-https for the keycloak-server

Question

I am using keycloak-8.0.1 in standalone configuration . I am trying to enable SSL/Https for Keycloak server running on my Test machine (A.B.C.D) , token request will be requested from machine (X.Y.Z.P).

(Will there be any CORS/CSRF issue for the generated token , looks like yes ? And will Keycloak over SSL help to solve this?) Nevertheless i require SSL enabling .

So went ahead with https://www.keycloak.org/docs/latest/server_installation/#enabling-ssl-https-for-the-keycloak-server

Step 1 Run command :

keytool -genkey -alias localhost -keyalg RSA -keystore keycloak.jks -validity 10950

... two files server.key and keycloak.jks got created. Question : should i used localhost here or better to use IP A.B.C.D of my Test machine? Though documentation says localhost so went ahead with that.

Step 2 Generate a certificate request :

$ keytool -certreq -alias yourdomain -keystore keycloak.jks > keycloak.careq

I can also generate the cert request using localhost/A.B.C.D.

Step 3: Send the cert req created in above step to CA and download the root cert from CA(root.crt) and import using command:

keytool -import -keystore keycloak.jks -file root.crt -alias root

Do i have to skip this step for localhost and if not how to generate root.crt for localhost.

step 4: last step is to import CA generated certificate to keystore

$ keytool -import -alias yourdomain -keystore keycloak.jks -file your-certificate.cer

Question: Now i have only two files generated in very first step "server.key" and keycloak.jks and from where i should get root.crt and your-certificate.cer ? I tried uploading the ca request to CAcert.org but they dont create certificate for localhost DNS.

I already went through lot of links link1 , link2 , link3 link4 and getting confused Please help.

Enabling-ssl-https for the keycloak-server

Answers (1)

Related Questions