Running Keycloak server on HTTPS
In this blog we will set up a Keycloak instance with SSL encryption.
Requirements:
A running Keycloak instance
SSL certificates
NOTE: For Keycloak setup, follow the link mentioned below.
Keycloak Setup. Keycloak is an Open Source Identity and… | by Dheeraj kumar | Medium
Note: If you don't have third-party certificates, you can generate a self-signed certificate by following the blog mentioned below, or you can simply use these openssl commands.
#Create self-signed certificate
openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
How to create your own root ca to sign self signed certificates? | by Dheeraj kumar | Medium
Running Keycloak on HTTPS consists of two parts. In the first part, we will create the .jks file that the Keycloak server needs to provide SSL encryption. In the second part, we will change the standalone.xml file so that the Keycloak server serves HTTPS using the .jks file we generated.
Step 1: Convert the X.509 certificate and key to a PKCS12 file.
openssl pkcs12 -export -in server.crt -inkey server.key \
-out server.p12 -name [some-alias] \
-CAfile ca.crt -caname root
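An added example (not from the original post): a wrapper around the Step 1 export that first confirms server.key and server.crt belong together, then confirms the resulting bundle opens with the chosen password and carries the same certificate. The function names, the P12_PASS environment variable and the default alias keycloak are assumptions; -CAfile and -caname are left out because a self-signed certificate has no separate ca.crt.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post. File names follow the post;
# function names, P12_PASS and the default alias are assumptions.

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {
  local key="$1" crt="$2" kpub cpub
  kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Step 1 export, refused when the pair does not match. The password is read
# from the exported variable P12_PASS so it does not show up in the process list.
export_p12() {
  local key="$1" crt="$2" out="$3" alias="$4"
  [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; return 1; }
  key_matches_cert "$key" "$crt" || { echo "key/cert mismatch" >&2; return 1; }
  ( umask 077   # the bundle contains the private key: owner-only permissions
    openssl pkcs12 -export -in "$crt" -inkey "$key" \
      -out "$out" -name "$alias" -passout env:P12_PASS )
}

# Succeeds only if the bundle opens with P12_PASS and carries the same certificate.
verify_p12() {
  local p12="$1" crt="$2" inside orig
  inside=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys 2>/dev/null |
           openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 1
  orig=$(openssl x509 -in "$crt" -noout -fingerprint -sha256 2>/dev/null) || return 1
  [ -n "$inside" ] && [ "$inside" = "$orig" ]
}

# Run against the post's file names when they are present in the current directory.
if [ -f server.key ] && [ -f server.crt ]; then
  export_p12 server.key server.crt server.p12 "${ALIAS:-keycloak}" &&
    verify_p12 server.p12 server.crt && echo "server.p12 OK"
fi
```

Export P12_PASS in the shell before running the script, and use the same value later as the keystore password.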