Configuring the TLS Encryption¶
-
Get a certificate as Java keystore, see requirements.
Literature
For details on how to create a keystore and convert credentials, see Convert Certificates.
-
Copy the Java keystore into the
tlsconfiguration directory:/opt/seal/etc/tls -
In an editor, open the Keycloak configuration file:
/opt/seal/etc/keycloak.conf -
Activate the following lines by decommenting them and enter the name of the Java keystore file and the associated password:
# JKS encoded X.509 certificate https-key-store-file=/opt/seal/etc/tls/<keystore_filename> https-key-store-password=<keystore_password> -
Deactivate the following lines by commenting them:
# PEM encoded X.509 certificate #https-certificate-key-file=/opt/seal/etc/tls/key.pem #https-certificate-file=/opt/seal/etc/tls/cert.pem -
Save the file and exit.
-
Restart the
seal-keycloakservice:sudo systemctl restart seal-keycloak