I generated a valid certificate (https://www.sslforfree.com) for my Keycloak, but I am not able to install it in any way.
I'm using the Docker image.
1- I've renamed it to tls.crt (root) and tls.key (private)
2- I already put the two files inside certs
3- I already put it inside /etc/x509/
```yaml
services:
  postgres:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password@@@321
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    environment:
      DB_VENDOR: POSTGRES
      KEYCLOAK_HTTP_PORT: 8080
      KEYCLOAK_HTTPS_PORT: 8443
      KEYCLOAK_HOSTNAME: auth.client.com.br
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password@@@321
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin123
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
      #JDBC_PARAMS: "ssl=true"
    ports:
      - 8080:8080
      - 8443:8443
    depends_on:
      - postgres
    volumes:
      - ./client:/var/www/html
      # Host directory holding tls.crt and tls.key, mounted where the image looks for them
      - /opt/keycloak/data/certs/:/etc/x509/https

# The named volume used by the postgres service has to be declared at top level
volumes:
  postgres_data:
```
Look at the error when I executed your string and then tried to access the site…
```
17:22:25,871 ERROR [io.undertow.request] (default I/O-3) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 is not enabled or supported in server context
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:254)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.negotiateProtocol(ClientHello.java:883)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:835)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:813)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1048)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:995)
at io.undertow.core@2.0.27.Final//io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:107
```
I don't remember if the parameter must be true or false (try to change it).
Pay attention to certificates. Since mid-2019 (I don't remember the exact month), some policies in SSL certification have changed, and browsers started to reject some certificates or mark them as insecure.
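The handshake error quoted in this thread names its own cause in the exception reason, which lets protocol-version rejections be told apart from certificate or cipher problems when reading the server log. The following log triage is an added example, not code from any poster or from Keycloak; the cause labels are this example's own, and only the first sample line comes from the thread (the others are constructed).

```python
import re
from collections import Counter

# Matches a WildFly/Undertow log line that carries a TLS handshake exception.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>[A-Z]+)\s+\[(?P<logger>[^\]]+)\].*?"
    r"javax\.net\.ssl\.SSLHandshakeException:\s*(?P<reason>.+)$"
)
PROTO_RE = re.compile(r"Client requested protocol (\S+) is not enabled")


def classify(reason):
    """Map a JDK handshake failure reason to a coarse (cause, detail) pair."""
    m = PROTO_RE.search(reason)
    if m:
        # Rejected while processing ClientHello, before any certificate is sent.
        return ("protocol-version", m.group(1))
    if "no cipher suites in common" in reason:
        return ("cipher-suite", None)
    if "certificate" in reason.lower():
        return ("certificate", None)
    return ("other", None)


def triage(log_text):
    """Count handshake failures per (cause, detail); stack-trace lines are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            counts[classify(m.group("reason"))] += 1
    return counts


# First entry is the error from the thread; the later entries are constructed samples.
SAMPLE_LOG = """\
17:22:25,871 ERROR [io.undertow.request] (default I/O-3) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 is not enabled or supported in server context
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
17:23:02,114 ERROR [io.undertow.request] (default I/O-1) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
17:23:40,009 ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: no cipher suites in common
"""

if __name__ == "__main__":
    for (cause, detail), n in triage(SAMPLE_LOG).items():
        print(f"{n}x {cause}" + (f" (client requested {detail})" if detail else ""))
```

A `protocol-version` entry points at the TLS versions the client and server are willing to speak, so it is investigated separately from how `tls.crt` and `tls.key` are mounted.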