I am trying to configure a User Federation using LDAPS with my Active Directory provider. I am using Keycloak in a Docker Container. When I try to authenticate I get the following error:
ERROR [org.keycloak.services] (default task-2) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: MY_SERVER:636: javax.naming.CommunicationException: simple bind failed: MY_SERVER:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
I spoke to my Active Directory provider and got 3 .cer files as certificates. They told me all 3 are necessary. But now I am unsure how I should use them.
In the Keycloak Forum (here) I found that I should configure the X509_CA_BUNDLE environment variable to be /var/run/secrets/kubernetes.io/serviceaccount/ca.crt. I could convert my .cer files to .crt files and copy them into that directory when creating the container, but this solution only works for one certificate if I am not mistaken.
How should I approach this?
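An added example, not from the original post and not Keycloak's own code, showing that one PEM file can carry a whole chain: it merges the three .cer files into a single bundle and checks that bundle against the LDAPS endpoint before the file is handed to X509_CA_BUNDLE. The file names, the MY_SERVER placeholder and the availability of openssl are assumptions.

```shell
#!/bin/sh
# Added example: build one PEM bundle from several CA .cer files.
# Assumes each .cer is a DER- or PEM-encoded X.509 certificate and that
# openssl is installed (needed only for DER inputs and the live check).
set -eu

# Print one .cer file as PEM. Files that already carry the PEM marker are
# passed through unchanged; anything else is treated as DER and converted.
cer_to_pem() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
    cat "$1"
  else
    openssl x509 -inform DER -in "$1" -outform PEM
  fi
}

# Concatenate all given .cer files into a single bundle. A PEM bundle may
# hold any number of certificates back to back, so one X509_CA_BUNDLE file
# is enough for root, intermediate and issuing CA together.
build_bundle() {
  out="$1"; shift
  : > "$out"
  for f in "$@"; do
    cer_to_pem "$f" >> "$out"
    # Make sure each certificate starts on its own line even if the
    # source file has no trailing newline.
    if [ -n "$(tail -c1 "$out")" ]; then echo >> "$out"; fi
  done
}

# Number of certificates in a bundle; confirms all three made it in.
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Validate the bundle against the real LDAPS endpoint before touching
# Keycloak. A trusted chain prints "Verify return code: 0 (ok)"; the PKIX
# error from the question corresponds to a non-zero code here.
check_ldaps() {
  openssl s_client -connect "$1:636" -CAfile "$2" </dev/null 2>/dev/null \
    | grep 'Verify return code'
}

# Usage (hypothetical file names):
#   build_bundle /tmp/ad-ca-bundle.pem root.cer intermediate.cer issuing.cer
#   check_ldaps MY_SERVER /tmp/ad-ca-bundle.pem
```

Once the check reports a trusted chain, the single bundle file is what X509_CA_BUNDLE should point at, or what gets imported into the Java truststore Keycloak uses.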