Where to get started / configuring SSL

Hello

New to Keycloak and am trying to evaluate whether it fits our needs. Creating realms/clients/users via the admin console has been nice and straightforward. Now I'm trying to set up SSL and am very confused and find the documentation lacking or not understandable (for me).
I've read the following guides:
https://www.keycloak.org/docs/6.0/server_installation/#setting-up-https-ssl
https://wjw465150.gitbooks.io/keycloak-documentation/content/server_installation/topics/network/https.html

One guide asks me to use some commands via CLI (how do I use the CLI? The provided commands don't seem to just be available via cmd), another asks me to manually edit the configuration XML.

Both of those seem to be targeting some UndertowRealm which I also don’t understand (is this some reserved name? the name of my realm?) and at the end I don’t have SSL working. Instead I am now getting an error

[org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
15:23:55,938 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 22) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
15:23:55,948 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 22) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "undertow"),
    ("server" => "default-server"),
    ("https-listener" => "https")
]) - failure description: "WFLYCTL0212: Duplicate resource [
    ("subsystem" => "undertow"),
    ("server" => "default-server"),
    ("https-listener" => "https")
]"

when starting standalone.bat

What I've added to my standalone configuration file:

1)

<buffer-cache name="default"/>
<server name="default-server">
    <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>

2)

<security-realms>
    <security-realm name="UndertowRealm">
        <server-identities>
            <ssl>
                <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="password"/>
            </ssl>
        </server-identities>
    </security-realm>

Is there some sort of guide or documentation which explains how the configuration XML is set up in general? I find it hard to troubleshoot when simply blindly copying things from the internet and praying it works. Also, once the server is then started, what port will HTTPS Keycloak be available at?

Update: the duplicate resource error appears because:

<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>

the https-listener with the name https was already defined. If I remove this line I get rid of the error, but again I have no idea what I'm destroying by removing that line.

1 Like

My problems were solved as follows:
Open the documentation: Server Installation and Configuration Guide

  1. start the cli by navigating to the /bin folder and running jboss-cli.bat

  2. run the commands as presented in the documentation
    $ /core-service=management/security-realm=UndertowRealm:add()
    $ /core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-path=keycloak.jks, keystore-relative-to=jboss.server.config.dir, keystore-password=secret)

  3. check the changes in the standalone/configuration/standalone.xml

The documentation says to expect this:

<subsystem xmlns="urn:jboss:domain:undertow:11.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
    ...
</subsystem>

What I found was this (note the difference in the security-realm value!):

<subsystem xmlns="urn:jboss:domain:undertow:11.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
    <buffer-cache name="default"/>
    <server name="default-server">
        ...
        <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
        ...
</subsystem>

  4. Test the system under the port 8443 as documented: Server Installation and Configuration Guide

As a suggestion for the documentation I would recommend adding a section describing where and how to start the CLI, as this was not immediately clear to me, especially because the entire documentation builds upon this! Perhaps I overlooked this somewhere.
Also the difference in security-realm value between the documentation and the result of the CLI is something I do not yet understand.

Hopefully this helps someone out!

2 Likes
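The procedure from the reply above, scripted end to end as an added example (not code from the thread or from the Keycloak project): the two documented CLI operations are run non-interactively from a file, followed by the write-attribute step that makes the existing https-listener reference UndertowRealm, and a grep check confirms which realm the listener ends up with. It assumes the Linux jboss-cli.sh, an install under KEYCLOAK_HOME, and a placeholder keystore password.

```shell
#!/bin/sh
# Added example, not code from the thread or from Keycloak: drive the documented
# HTTPS setup through the WildFly CLI in batch mode, then verify which
# security-realm the https-listener really references.
# KEYCLOAK_HOME and KEYSTORE_PASS are assumptions; set them for your host.
set -eu

KEYCLOAK_HOME="${KEYCLOAK_HOME:-/opt/keycloak}"
KEYSTORE_PASS="${KEYSTORE_PASS:-PLACEHOLDER_KEYSTORE_PASSWORD}"

# Write the CLI operations to a file. The two security-realm lines are the ones
# from the documentation quoted above; the write-attribute line re-points the
# existing https-listener from ApplicationRealm to UndertowRealm instead of
# adding a second listener (which is what triggers WFLYCTL0212 Duplicate resource).
write_cli_script() {
    cat > "$1" <<EOF
embed-server --server-config=standalone.xml
/core-service=management/security-realm=UndertowRealm:add()
/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-path=keycloak.jks, keystore-relative-to=jboss.server.config.dir, keystore-password=${KEYSTORE_PASS})
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=security-realm, value=UndertowRealm)
stop-embedded-server
EOF
}

# Run the file with the server stopped; embed-server edits standalone.xml offline.
apply_cli_script() {
    cli="$KEYCLOAK_HOME/bin/jboss-cli.sh"
    [ -x "$cli" ] || { echo "jboss-cli.sh not found at $cli" >&2; return 1; }
    "$cli" --file="$1"
}

# Succeed when the https-listener named "https" in file $1 references realm $2,
# the check the thread's author had to make by eye.
listener_uses_realm() {
    grep -q "<https-listener name=\"https\"[^>]*security-realm=\"$2\"" "$1"
}

# Constructed standalone.xml fragment mirroring what the thread reports finding.
write_sample_xml() {
    cat > "$1" <<'EOF'
<server name="default-server">
    <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
</server>
EOF
}

if [ "${1:-}" = "apply" ]; then
    write_cli_script /tmp/keycloak-https.cli && apply_cli_script /tmp/keycloak-https.cli
    listener_uses_realm "$KEYCLOAK_HOME/standalone/configuration/standalone.xml" UndertowRealm && echo "listener uses UndertowRealm; test on port 8443"
fi
```

Run it as `sh setup-https.sh apply` with the server stopped; without the argument it only defines the functions.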