I’m getting the following error as soon as I try to request a resource from Keycloak via Spring Boot:
Failed to load URLs from https://keycloak.myDomain/auth/realms/myRealm/.well-known/openid-configuration
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I’m running Keycloak within a Kubernetes cluster which is managed by rancher.
I’m using the codecentric helm chart to deploy Keycloak.
The error I mentioned above does not happen as soon as I use keycloak.disable-trust-manager=true in my Spring application.properties file.
That led me to believe it is an issue with TLS/SSL.
I provide a certificate via the cert-manager within rancher for my keycloak.myDomain, to make sure this domain has https.
I read a lot of things about the Truststore to enable ssl for keycloak. My question is now, didn’t I do this already when I added the tls section to my values.yaml?
Or the other question would be, why is the cert which I created from my cert-manager not working?
Hello,
maybe it is just a formatting issue, but secretName should be in the same column as hosts.
Is there a certificate under “Secrets” in Rancher that was created from cert-manager for your domain?
cheers
In my experience, this message merely means that something is wrong with the certificate validation; it does not tell you what. Try enabling SSL debugging to help you pinpoint the source of the problem.
Then it looks like you don’t have valid CA certificates available at the Java level. Make sure you have current CA certs installed (or managed by Rancher, if that is possible).