Hello,
I am managing a keycloak server that runs as a jboss/keycloak image on a synology nas. The keycloak server is configured to use self-signed ssl certificate (signed with our root certificate).
Now, I created a new root certificate and signed new server certificates (with openssl). I renamed the server certificate and key file to tls.crt and tls.key and uploaded these files to a folder (ssl-Folder) on the nas. The ssl-Folder is mounted in the jboss/keycloak docker image via the docker-compose.yml file:
volumes:
  - ssl-Folder:/etc/x509/https
I restarted the jboss/keycloak docker-container via the terminal command
sudo docker restart
Additionally, I restarted the nas hosting the container.
If I log in to the running jboss/keycloak docker-container via portainer I can see that the new tls.crt and tls.key files are available within the running container at the path /etc/x509/https and that they are readable for user/group/other. According to the jboss/keycloak user guide https://hub.docker.com/r/jboss/keycloak/ (Section “Setting up TLS (SSL)”): “The image will automatically convert them into a Java keystore and reconfigure Wildfly to use it”
However, if I open the address of the keycloak-server in my browser window, it shows that the connection is secured with the old ssl certificate. It seems to me that the keystore is not updated automatically.
I further connected to the keycloak admin console and deleted the user/realm/keys cache (Master -> Realm Settings -> Cache). Still the new certificate is not used by the server.
What do I have to do to make the server use the new ssl certificates?
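An added diagnostic (not part of the original post) that compares the SHA-256 fingerprint of the uploaded tls.crt with the fingerprint of the leaf certificate the server actually presents, so the mismatch can be confirmed from a script rather than by eye in the browser. It assumes the host name `keycloak.example.internal` and HTTPS port 8443, which are placeholders for the real server address.

```python
"""Check whether the certificate Keycloak serves is the one in tls.crt (added example)."""
import base64
import hashlib
import re
import ssl

# Matches each PEM certificate block; the first one in tls.crt is the leaf (server) certificate.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text: str) -> bytes:
    """Return the DER bytes of the first certificate in a PEM string (chain files are fine)."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found in PEM input")
    return base64.b64decode("".join(match.group(1).split()))


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form shown by openssl and browsers."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def served_fingerprint(host: str, port: int = 8443) -> str:
    """Fingerprint of the leaf certificate the server presents.

    Verification is deliberately off: we want to see what is served even if it is
    still the old self-signed certificate that our trust store would reject.
    """
    pem = ssl.get_server_certificate((host, port))
    return fingerprint(pem_to_der(pem))


def certificate_matches(tls_crt_path: str, host: str, port: int = 8443) -> bool:
    """True if the server presents exactly the certificate stored in tls_crt_path."""
    with open(tls_crt_path, encoding="ascii") as handle:
        expected = fingerprint(pem_to_der(handle.read()))
    actual = served_fingerprint(host, port)
    print(f"tls.crt : {expected}\nserved  : {actual}")
    return expected == actual


if __name__ == "__main__":
    # Placeholder host/port: replace with the real Keycloak address (assumption, not from the post).
    ok = certificate_matches("tls.crt", "keycloak.example.internal", 8443)
    print("certificate in use matches tls.crt" if ok else "server still serves a different certificate")
```

If the fingerprints differ after a restart, the image did not rebuild its keystore from the mounted files, and the container log at startup is the next place to look.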