Keycloak / KEYCLOAK-16927

TLS certificates cannot be reloaded


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Explained
    • 12.0.2
    • None
    • Container
    • None
    • Steps to reproduce:

      1. Follow the directions for setting up TLS in a Docker environment.

      2. Renew the tls.crt certificate.

      3. Keycloak will not serve the new certificate, even after a restart of the container.

      Note: Re-running x509.sh in the container also does not appear to update the keystore with a new certificate.


    Description

      The script x509.sh is run when the keystore Docker container is created, and never again.

      So, when I replace my tls.crt with a renewed TLS certificate, the only way to reload the certificate files in Keycloak is to delete and recreate the Keycloak container.

      It would be very useful if the keystore were checked or rebuilt every time the container starts.

      Even better, rebuild the keystore of a running Keycloak instance when the certificate files are updated.

      This would make Keycloak easier to use with short-lived TLS certificates.
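A check for step 3 of the report, as an added example that is not part of the original issue or of Keycloak: it compares the SHA-256 fingerprint of the leaf certificate in tls.crt with the one the server presents in the TLS handshake. The function names and the two PEM sample values are constructed for illustration.

```python
import hashlib
import socket
import ssl
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# Constructed stand-ins for certificate files; the bodies are not real certificates.
OLD_PEM = f"{BEGIN}\nAQID\n{END}\n"
NEW_PEM = f"{BEGIN}\nBAUG\n{END}\n"


def leaf_fingerprint(pem_text: str) -> str:
    """SHA-256 of the first certificate in a PEM file (the leaf in a chain file)."""
    start = pem_text.index(BEGIN)  # ValueError if the file holds no certificate
    stop = pem_text.index(END, start) + len(END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:stop])
    return hashlib.sha256(der).hexdigest()


def served_fingerprint(host: str, port: int, timeout: float = 5.0) -> str:
    """SHA-256 of the leaf certificate the server presents in the handshake."""
    ctx = ssl.create_default_context()
    # Verification is off because the certificate is only fingerprinted here;
    # no application data is sent over this connection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def reload_status(disk_pem: str, served_fp: str) -> str:
    """'current' if the served leaf is the one on disk, otherwise 'stale'."""
    return "current" if leaf_fingerprint(disk_pem) == served_fp.lower() else "stale"


if __name__ == "__main__":
    if len(sys.argv) == 4:  # live check: <path to tls.crt> <host> <port>
        with open(sys.argv[1], encoding="ascii") as fh:
            disk = fh.read()
        served = served_fingerprint(sys.argv[2], int(sys.argv[3]))
        status = reload_status(disk, served)
        print(f"{sys.argv[2]}:{sys.argv[3]} serves a {status} certificate")
        sys.exit(0 if status == "current" else 1)
    else:  # offline demo: the server still presents the pre-renewal certificate
        print(reload_status(NEW_PEM, leaf_fingerprint(OLD_PEM)))
```

In live mode the non-zero exit status on a stale certificate lets the check run from a renewal hook or a monitoring probe.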

          People

            Unassigned Unassigned
            carl_t Carl Tashian (Inactive)