I have Keycloak and OpenLDAP running in separate CentOS 7 VMs (non-Docker currently). I have configured both with corporate certificates and have added the CA certificate to the Java cacerts file (via update-ca-trust) on the Keycloak VM. When running standalone Wildfly with SSL debug enabled, I see my CA certificate being loaded in the log file. Unsecured connections to the LDAP work fine. When I invoke StartTLS, an NPE results in the log (LDAPContextManager line 80). I have tried both LDAP and LDAPS, with the host name and IP address (my server cert has both). Interestingly, I see no SSL handshake debug in the log file, just the initial trust output.
BTW, I am able to connect to the LDAP server with StartTLS from Apache Directory Studio and have verified that the CA certificate is the same.
I have searched the web for a solution with no luck. I believe I saw a reference to a similar issue in an older version, but no real resolution.
Please let me know if I need to include the entire stack trace.