Keycloak-12.0.4 wildfly-21.0.2 Connection refused

myapp on wildfly-10 used keycloak-6 for authentication for 2 years without any issue. The SSL certificate expired and I have reinstalled a new SSL and upgraded to wildfly-21 and keycloak-12. I am getting a Connection refused error.

Here is the list of different steps:

I installed Sectigo Essential Wildcard SSL for keycloak-12 as follows:

  1. I issued a certificate from
  2. I received 3 files: _mydomain_net.crt, AAA_Certificate_Services.crt and USERTrust_RSA_Certification_Authority.crt
openssl pkcs12 -export -in _mydomain.crt -inkey -out -name default -CAfile AAA_Certificate_Services.crt -caname root
keytool -importkeystore -destkeystore -srckeystore -srcstoretype PKCS12 -alias default
cp keycloak-12.0.4/standalone/configuration/

I configured keycloak standalone.xml as follows:

            <keystore path="" relative-to="jboss.server.config.dir" keystore-password="mypass" />

   <https-listener name="https" socket-binding="https" security-realm="UndertowRealm" enable-http2="true"/>
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
                    <http-invoker security-realm="UndertowRealm"/>

<spi name="truststore">
    <provider name="file" enabled="true">
            <property name="file" value="${jboss.server.config.dir}/"/>
            <property name="password" value="mypass"/>
            <property name="hostname-verification-policy" value="WILDCARD"/>
            <property name="disabled" value="false"/>

I added the certificate to the JVM:

cp _mydomain_net.cert to /usr/lib/jvm/java-8-oracle/jre/lib/security/
cd /usr/lib/jvm/java-8-oracle/jre/lib/security/
keytool -import -alias ca -file -keystore cacerts -storepass mypass

At this level I can access my keycloak installation via https without any issue.
I configured wildfly-21.0.2 as follows:
cp standalone/configuration/

cd wildfly-21.0.2
cp _mydomain_net.cert to /usr/lib/jvm/java-8-oracle/jre/lib/security/
cd /usr/lib/jvm/java-8-oracle/jre/lib/security/
keytool -import -alias ca -file _mydomain_net.crt -keystore cacerts -storepass mypass

my web.xml:




I can’t connect myapp from wildfly-21 to keycloak-12, the error:

[org.keycloak.adapters.KeycloakDeployment] (default task-1) Failed to load URLs from Connection refused (Connection refused)

I have been working on this issue for three days without any success and I have no idea how to solve this problem. Thanks in advance for any idea/suggestion.

Can your browser load without any issue or security warning/TLS exception? Which JDK version is used on the client (wildfly)/server (keycloak) TLS side?

can’t access it:
the message from chrome:

This site can’t be reached refused to connect.

from ~/keycloak-12.0.4
openid-configuration not found in the keycloak-12.0.4/.well-known

keycloak jdk:
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)

wildfly-21 jdk
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)

https port was missing.
change to
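
Added example, not part of the thread and not Keycloak's own code: "Connection refused" is a TCP-level failure that happens before any certificate is checked, so the first thing to verify is which host and port the adapter URL actually resolves to. The hostname `keycloak.example.test`, the function names and the assumption that Keycloak listens for HTTPS on 8443 (the WildFly default socket binding) are illustrative.

```python
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def effective_endpoint(auth_server_url):
    """Return the (host, port) a client dials for this URL.

    Without an explicit port an https URL means 443, not the 8443 that a
    standalone Keycloak is assumed to listen on here.
    """
    parts = urlsplit(auth_server_url)
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def diagnose(auth_server_url, cafile=None, timeout=3.0):
    """Classify the layer at which the connection to the auth server fails."""
    host, port = effective_endpoint(auth_server_url)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp-refused"        # nothing listens on that port: fix URL or binding
    except OSError:
        return "tcp-unreachable"    # DNS failure, timeout, firewall drop
    with sock:
        if urlsplit(auth_server_url).scheme != "https":
            return "ok"
        # cafile=None uses the system trust store; pass the CA bundle to test
        # the same chain that was imported into the JVM truststore.
        ctx = ssl.create_default_context(cafile=cafile)
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
        except ssl.SSLCertVerificationError:
            return "tls-untrusted"  # only now is the certificate chain the issue
        except (ssl.SSLError, OSError):
            return "tls-handshake-failed"


if __name__ == "__main__":
    # Constructed URLs: the same server with and without the explicit port.
    for url in ("https://keycloak.example.test/auth",
                "https://keycloak.example.test:8443/auth"):
        print(url, "->", effective_endpoint(url))
```

A result of `tcp-refused` points at the URL or the listener, and re-importing certificates will not change it; only `tls-untrusted` points at the truststore.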