Problem with HTTPS

Hi, guys…

I generated my valid certificate (https://www.sslforfree.com) for my Keycloak, however I am not able to install it in any way.
I'm using the Docker image.
1- I've renamed it to tls.crt (root) and tls.key (private)
2- I already put the two files inside certs
3- I already put it inside /etc/x509/

But it doesn't work. Can you help me?

docker run \
  --name keycloak \
  -e KEYCLOAK_USER=myadmin \
  -e KEYCLOAK_PASSWORD=mypassword \
  -p 8443:8443 \
  -v /<local-os-path>/mysslforfreecert.crt:/etc/x509/https/tls.crt \
  -v /<local-os-path>/mysslforfreekey.key:/etc/x509/https/tls.key \
  jboss/keycloak

Sorry my friend, where do I execute these commands? Do I need to create these commands in .yml?

Look at my .yml.
What's wrong?

volumes:
  postgres_data:
    driver: local

services:
  postgres:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password@@@321
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    environment:
      DB_VENDOR: POSTGRES
      KEYCLOAK_HTTP_PORT: 8080
      KEYCLOAK_HTTPS_PORT: 8443
      KEYCLOAK_HOSTNAME: auth.client.com.br
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password@@@321
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin123
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
      #JDBC_PARAMS: "ssl=true"
    ports:
      - 8080:8080
      - 8443:8443
    depends_on:
      - postgres
    volumes:
      - ./client:/var/www/html
      - /opt/keycloak/data/certs/:/etc/x509/https

Look at the error I got when I executed your command and then tried to access the site…

17:22:25,871 ERROR [io.undertow.request] (default I/O-3) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 is not enabled or supported in server context
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:254)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.negotiateProtocol(ClientHello.java:883)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:835)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:813)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1048)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:995)
at io.undertow.core@2.0.27.Final//io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:107

Hi.

I don't use Docker, but this problem is generated by WildFly.
The client requires TLSv1, but WildFly rejects it as insecure.

In WildFly's standalone, search for the https-listener and change enable-http2:

<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>

I don't remember if the parameter must be true or false (try to change it).

Pay attention to certificates. From mid-2019 (I don't remember the exact month) some policies in SSL certification changed, and browsers started to reject some certificates or mark them as insecure.
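As an added example, not posted by anyone in this thread: a stdlib-only Python script that scans the Undertow log for the handshake error quoted above and counts failures by the protocol version the client asked for, so you can tell whether the failures come from outdated clients offering TLSv1 (which the server is right to refuse) rather than from the certificate mount. The sample log lines are constructed; only the first one is taken from this thread.

```python
import re
from collections import Counter

# Shape of the Undertow/WildFly log line quoted in the thread (one per failed handshake).
HANDSHAKE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3}) ERROR \[io\.undertow\.request\] "
    r"\((?P<thread>[^)]*)\) Closing SSLConduit after exception on handshake: "
    r"javax\.net\.ssl\.SSLHandshakeException: (?P<reason>.+)$"
)
# Reason text for the protocol-version mismatch case.
PROTOCOL_RE = re.compile(
    r"Client requested protocol (?P<proto>SSLv[23]|TLSv1(?:\.[0-3])?) is not enabled"
)
# Versions a server should keep disabled: hits here mean an outdated client, not a broken server.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_handshake_failures(lines):
    """Yield (time, thread, protocol, reason) per failure; protocol is None when the
    reason is not a version mismatch. Stack-trace frames and other lines are skipped."""
    for line in lines:
        m = HANDSHAKE_RE.match(line.strip())
        if not m:
            continue
        reason = m.group("reason")
        p = PROTOCOL_RE.search(reason)
        yield m.group("time"), m.group("thread"), (p.group("proto") if p else None), reason

def summarize(lines):
    """Count handshake failures by requested protocol ('other' for non-version reasons)."""
    counts = Counter()
    for _, _, proto, _ in parse_handshake_failures(lines):
        counts[proto or "other"] += 1
    return counts

def legacy_client_failures(lines):
    """Number of failures caused by clients offering a protocol version the server disables."""
    return sum(n for proto, n in summarize(lines).items() if proto in LEGACY_PROTOCOLS)

# Constructed sample log: the first line is the one from this thread, the rest are invented.
SAMPLE_LOG = """\
17:22:25,871 ERROR [io.undertow.request] (default I/O-3) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 is not enabled or supported in server context
\tat java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
17:22:31,004 ERROR [io.undertow.request] (default I/O-1) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1.1 is not enabled or supported in server context
17:22:40,512 ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: no cipher suites in common
17:22:41,000 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak started
""".splitlines()

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
    print("failures from legacy-protocol clients:", legacy_client_failures(SAMPLE_LOG))
```

Run it against the real server log instead of SAMPLE_LOG; if every failure lands in a legacy protocol, the fix belongs on the client side (or its proxy), not in the listener configuration.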