Keycloak ECS unable to connect AWS Aurora over SSL

Hi, I’m looking to run Keycloak Docker on AWS ECS with RDS Aurora as the database. In this case I am unable to connect to the database over SSL when trying to bring the container up on port 8443; if we use port 8080 the database connection succeeds.

I used the environment variables below:
DB_VENDOR : MYSQL
JDBC_PARAMS : enabledTLSProtocols=TLSv1.2
and the DB connection related params

Any help would be appreciated.

Thank You

Make sure you are using the latest RDS CA cert and that you have opened the security group properly. Ref: https://stackoverflow.com/questions/58796587/keycloak-ssl-error-certificates-do-not-conform-to-algorithm-constraints

Thanks for the reply jangaraj, we are using the latest Aurora version.

Latest Aurora version != latest CA certificates


It’s already rds-ca-2019.

Hi, I’m having almost the exact same issue as you and have not been able to find a solution. Have you by any chance been able to find a solution to this problem?

Had the same issue, and it seemed that RDS/Aurora uses old TLS versions… I had to drop the version spec and include useSSL=true + trustServerCertificate=true.

Note: I used the MariaDB connector.
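The JDBC_PARAMS string in the previous post gets the connection working, but trustServerCertificate=true tells the MariaDB connector to accept any server certificate, so the TLS session is no longer bound to the RDS CA. The checker below is an added example (not part of this thread or of Keycloak) that parses a JDBC_PARAMS value and reports whether server-certificate verification is actually in effect. The property names it recognises (useSSL/useSsl, requireSSL, sslMode, trustServerCertificate, serverSslCert, verifyServerCertificate, trustCertificateKeyStoreUrl, enabledTLSProtocols, enabledSslProtocolSuites) are the documented MySQL Connector/J and MariaDB Connector/J options; the file paths in the sample strings are constructed placeholders, and the finding labels are this example's own.

```python
"""Assess the TLS settings in a Keycloak JDBC_PARAMS string.

Added example, not from the thread or from Keycloak. Property names follow the
MySQL Connector/J and MariaDB Connector/J documentation; keys are lower-cased
here only to make matching simple, the connector still gets the original string.
"""
from urllib.parse import parse_qsl


def parse_jdbc_params(params: str) -> dict:
    """Split 'k=v&k2=v2' (the form Keycloak appends to the JDBC URL) into a dict."""
    return {k.lower(): v for k, v in parse_qsl(params, keep_blank_values=True)}


def _is_true(p: dict, key: str) -> bool:
    return p.get(key, "").lower() == "true"


def assess_tls(params: str) -> list:
    """Return a list of finding labels for the given JDBC_PARAMS value.

    tls-not-requested        no option asks for TLS at all
    server-cert-not-verified TLS is on but any server certificate is accepted
    no-ca-configured         TLS is on, nothing rejects a bad cert, no CA given
    protocols-pinned         a protocol-version restriction is present (info)
    ok                       TLS is on and a verification source is configured
    """
    p = parse_jdbc_params(params)
    mode = p.get("sslmode", "").upper()  # MySQL 8: DISABLED/PREFERRED/REQUIRED/VERIFY_*;
                                         # MariaDB 3: disable/trust/verify-ca/verify-full

    tls_on = (_is_true(p, "usessl") or _is_true(p, "requiressl")
              or (mode != "" and mode not in ("DISABLED", "DISABLE")))
    if not tls_on:
        return ["tls-not-requested"]

    findings = []
    # Explicit opt-outs from verification: MariaDB trustServerCertificate / sslMode=trust,
    # MySQL verifyServerCertificate=false.
    trusts_anything = (_is_true(p, "trustservercertificate") or mode == "TRUST"
                       or p.get("verifyservercertificate", "").lower() == "false")
    # Something that makes the connector check the chain: a VERIFY_* mode, an explicit
    # verifyServerCertificate=true, or a CA source (serverSslCert for MariaDB,
    # trustCertificateKeyStoreUrl for MySQL). Note that verifyServerCertificate=true
    # without a truststore falls back to the JVM default truststore, which does not
    # contain the RDS CA, so that combination verifies but will not connect to Aurora.
    verifies = (mode.startswith("VERIFY") or _is_true(p, "verifyservercertificate")
                or "serversslcert" in p or "trustcertificatekeystoreurl" in p)

    if trusts_anything:
        findings.append("server-cert-not-verified")
    elif not verifies:
        findings.append("no-ca-configured")
    if "enabledtlsprotocols" in p or "enabledsslprotocolsuites" in p:
        findings.append("protocols-pinned")
    return findings or ["ok"]


if __name__ == "__main__":
    # Constructed sample values: the thread's original setting, the workaround from the
    # post above, and two variants that keep verification by pointing at the RDS CA bundle.
    samples = [
        "enabledTLSProtocols=TLSv1.2",
        "useSSL=true&trustServerCertificate=true",
        "useSsl=true&serverSslCert=/opt/keycloak/rds-ca-bundle.pem",
        "useSSL=true&verifyServerCertificate=true"
        "&trustCertificateKeyStoreUrl=file:/opt/keycloak/rds-truststore.jks"
        "&trustCertificateKeyStorePassword=changeit",
    ]
    for s in samples:
        print(f"{s}\n  -> {assess_tls(s)}")
```

The two "ok" variants keep the TLS version spec out of the string, as the post above does, but replace trustServerCertificate=true with a CA source: serverSslCert for the MariaDB connector, or verifyServerCertificate=true plus a truststore holding the RDS CA for the MySQL connector. That keeps the fix that made the connection work while still rejecting a certificate not issued by the RDS CA.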

Thank you for your answer @deadlysyn! I can confirm that this also works for me.
What I don’t really understand about this whole thing is that, as far as I can figure out, RDS/Aurora should support TLSv1, TLSv1.1 and TLSv1.2, which I understand the MySQL connector that the Keycloak Docker image uses should also support…