As an addition to our Setting Up A Keycloak Server For Authenticating To FileMaker series, we’ve documented the new approach to configuring the SSL certificate in Keycloak 16. Hopefully this is useful to more than just FileMaker folks:
It is also available on our website at soundsessential.com.
Thank you for the informative article. It seems to be based on the assumption that the keystore contains a single entry. Sites with multiple entries in their keystore should use the ‘alias-filter’ attribute as shown below:
<tls>
    <key-stores>
        <key-store name="applicationKS">
            <credential-reference clear-text="PASSWORD"/>
            <implementation type="JKS"/>
            <file path="keycloak.jks" relative-to="jboss.server.config.dir"/>
        </key-store>
    </key-stores>
    <key-managers>
        <key-manager name="applicationKM" key-store="applicationKS" alias-filter="ALIAS">
            <credential-reference clear-text="PASSWORD"/>
        </key-manager>
    </key-managers>
    <server-ssl-contexts>
        <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
    </server-ssl-contexts>
</tls>
Where ‘ALIAS’ matches the output of keytool -list -keystore keycloak.jks and ‘PASSWORD’ matches the password of the keystore.
This attribute is described here: Chapter 1. Securing the Server and Its Interfaces Red Hat JBoss Enterprise Application Platform 7.2 | Red Hat Customer Portal
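As an added example (not part of either post), the following Python check cross-references the alias-filter value in a `<tls>` fragment against `keytool -list` text output and reports aliases that are missing or that point at a trusted certificate instead of a private key. The alias `keycloak`, the listing and the fingerprints are constructed sample values, and the parser assumes the English-locale listing format and an alias-filter written as a single alias or a comma-separated list.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the key-manager part of the <tls> fragment above,
# with a made-up alias "keycloak" in place of ALIAS.
TLS_XML = """<tls>
  <key-managers>
    <key-manager name="applicationKM" key-store="applicationKS" alias-filter="keycloak"/>
  </key-managers>
</tls>"""

# Constructed sample of `keytool -list -keystore keycloak.jks` output.
KEYTOOL_LIST = """\
Keystore type: JKS

Your keystore contains 2 entries

keycloak, Jan 5, 2022, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22:33 (constructed)
rootca, Jan 5, 2022, trustedCertEntry,
Certificate fingerprint (SHA-256): 44:55:66:77 (constructed)
"""

ENTRY = re.compile(r"^(.+?), .+, (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),\s*$")

def keystore_entries(listing):
    """Map alias -> entry type from `keytool -list` text output."""
    found = (ENTRY.match(line) for line in listing.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def check_alias_filters(tls_xml, listing):
    """Return a list of problems with each key-manager's alias-filter."""
    entries, problems = keystore_entries(listing), []
    for el in ET.fromstring(tls_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "key-manager":  # ignore any XML namespace
            continue
        name, flt = el.get("name"), el.get("alias-filter")
        if flt is None:
            if len(entries) > 1:
                problems.append(f"{name}: {len(entries)} keystore entries but no alias-filter")
            continue
        # Assumption: alias-filter is one alias or a comma-separated list.
        for alias in (a.strip() for a in flt.split(",")):
            kind = entries.get(alias)
            if kind is None:
                problems.append(f"{name}: alias '{alias}' not in keytool output")
            elif kind != "PrivateKeyEntry":
                problems.append(f"{name}: alias '{alias}' is a {kind}, not a private key")
    return problems
```

An empty list from `check_alias_filters` means every configured alias resolves to a private key entry in the listing.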