[KEYCLOAK-16927] TLS certificates cannot be reloaded - Red Hat Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Explained
Affects Version/s: 12.0.2
Fix Version/s: None
Component/s: Container
Labels:
None

Steps to Reproduce:

Hide

1. Follow the directions for setting up TLS in a Docker environment.

2. Renew the tls.crt certificate.

3. Keycloak will not serve the new certificate, even after a restart of the container

Note: Re-running x509.sh in the container also does not appear to update the keystore with a new certificate.

Show
1. Follow the directions for setting up TLS in a Docker environment . 2. Renew the tls.crt certificate. 3. Keycloak will not serve the new certificate, even after a restart of the container Note: Re-running x509.sh in the container also does not appear to update the keystore with a new certificate.
Docs QE Status:
NEW
QE Status:
NEW
[QE] How to address?:
---
[QE] Why QE missed?:
---

Description

The script x509.sh is run when the keystore Docker container is created, and never again.

So, when I replace my tls.crt with a renewed TLS certificate, the only way to reload the certificate files in Keycloak is to delete and recreate the Keycloak container.

It would be very useful if the keystore were checked or rebuilt every time the container starts.

Even better, rebuild the keystore of a running Keycloak instance when the certificate files are updated.

This would make Keycloak easier to use with short-lived TLS certificates.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Carl Tashian (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021/01/26 3:16 PM

Updated:: 2021/10/24 6:08 AM

Resolved:: 2021/01/28 4:27 AM