Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-12699

[RHSSO] Keycloak image generates empty keystore on empty /etc/x509/https directory

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Optional
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: RH-SSO-7.3.7
    • Component/s: None
    • Labels:

      Description

      The current implementation of the Keycloak Container image generates (and uses!) an empty KeyStore if /etc/x509/https exists and is empty. This results in making HTTPS port (8443) unusable and every connection attempt end up with this error:

      curl https://172.17.0.2:8443
      curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
      

      Unfortunately, this often results in troubles in Operator usecase.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              slaskawi@redhat.com Sebastian Łaskawiec
              Reporter:
              slaskawi@redhat.com Sebastian Łaskawiec
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: