Keycloak.X Preview HTTPS Setup

There is not much documentation on setting up HTTPS with the Keycloak.X version.

  1. I have a Let’s Encrypt certificate and generated a keystore out of the certs and keys.

  2. And I saved the keystore at /conf/server.keystore.

  3. Then I ran sh kc.sh.

Here is the error I got. I gave the correct password also. Please let me know if my steps are incorrect.

2021-08-19 03:57:49,207 ERROR [org.key.cli.Picocli] (main) ERROR: Failed to start server using profile (none).
2021-08-19 03:57:49,208 ERROR [org.key.cli.Picocli] (main) ERROR: Unable to start HTTP server
2021-08-19 03:57:49,208 ERROR [org.key.cli.Picocli] (main) ERROR: io.vertx.core.VertxException: java.io.IOException: keystore password was incorrect
2021-08-19 03:57:49,208 ERROR [org.key.cli.Picocli] (main) ERROR: java.io.IOException: keystore password was incorrect
2021-08-19 03:57:49,210 ERROR [org.key.cli.Picocli] (main) ERROR: keystore password was incorrect
2021-08-19 03:57:49,211 ERROR [org.key.cli.Picocli] (main) ERROR: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

There are generally not many docs around Keycloak.X, as it is still a preview and not a release. Always keep that in mind!

I was able to set up a test Keycloak.X with a self-signed certificate, but only with the -nodes option, so that it won’t have a password. With a password-secured cert, I got the same error as you.

I could start Keycloak with the self-signed cert without any options. But for the CA cert I still cannot start Keycloak. Should I move back to the non-preview version?
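
One way to check, before starting the server, whether a keystore opens with the password being supplied (an added example, not part of the thread and not Keycloak's own tooling). It assumes the keystore is PKCS#12 and that openssl is installed; the throwaway self-signed certificate, file names, alias and passwords are constructed placeholders.

```shell
#!/bin/sh
# Constructed example: file names, the alias "server" and both passwords are
# placeholders, and the certificate is a throwaway self-signed one.

# Build a PKCS#12 keystore from a PEM certificate and private key.
# The password is read from $KS_PASS so it never appears in the process list.
build_keystore() {  # args: cert.pem key.pem out.p12
    openssl pkcs12 -export -in "$1" -inkey "$2" -name server \
        -out "$3" -passout env:KS_PASS
}

# Return 0 only if the keystore verifies and decrypts with $KS_PASS.
check_keystore_password() {  # args: keystore.p12
    openssl pkcs12 -in "$1" -noout -passin env:KS_PASS >/dev/null 2>&1
}

demo() {
    workdir=$(mktemp -d) || return 1
    # Throwaway key and certificate standing in for the real PEM files.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$workdir/key.pem" -out "$workdir/cert.pem" >/dev/null 2>&1 || return 1

    KS_PASS='constructed-pass-1'; export KS_PASS
    build_keystore "$workdir/cert.pem" "$workdir/key.pem" "$workdir/server.p12" || return 1

    # The password used at export time must open the keystore.
    if check_keystore_password "$workdir/server.p12"; then
        result="correct:ok"
    else
        result="correct:fail"
    fi

    # Any other password must be rejected.
    KS_PASS='not-the-password'
    if check_keystore_password "$workdir/server.p12"; then
        result="$result wrong:ok"
    else
        result="$result wrong:rejected"
    fi

    rm -rf "$workdir"
    echo "$result"
}

demo
```

Running `check_keystore_password` against the real keystore, with `KS_PASS` set to the password the server is configured with, shows whether the mismatch is in the file itself.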