I'm configuring Keycloak as an SP which is connecting to a PingFederate IDP.
I'd like to import the IDP's certificate file into Keycloak so that the trust will succeed.
How do I import a crt file into keycloak?
This is documented on the Keycloak site: https://www.keycloak.org/server/outgoinghttp#_outgoing_https_request_truststore
keytool -import -alias HOSTDOMAIN -keystore truststore.jks -file host-certificate.cer
The truststore is configured within the standalone.xml, standalone-ha.xml, or domain.xml file in your distribution. The location of this file depends on your operating mode.
<spi name="truststore">
    <provider name="file" enabled="true">
        <properties>
            <property name="file" value="path to your .jks file containing public certificates"/>
            <property name="password" value="password"/>
            <property name="hostname-verification-policy" value="WILDCARD"/>
            <property name="disabled" value="false"/>
        </properties>
    </provider>
</spi>
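The keytool import in the answer above trusts whatever certificate file it is given, so when the import is scripted it helps to compare the certificate's SHA-256 fingerprint with the value the IdP administrator supplied out of band before adding it to the truststore. The sketch below is an added example, not part of the original answer or of Keycloak; the function names and the TRUSTSTORE_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: pin the IdP certificate's SHA-256 fingerprint before trusting it.
# Function names and the TRUSTSTORE_PASS variable are assumptions, not Keycloak's.

# Print the SHA-256 fingerprint of a PEM or DER certificate as bare uppercase hex.
cert_sha256() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    fp=$(openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    return 1
    printf '%s\n' "${fp#*=}" | tr -d ':' | tr 'a-f' 'A-F'
}

# Normalise a fingerprint as pasted from a ticket or e-mail (colons, spaces, case).
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# import_pinned_cert CERT EXPECTED_FP ALIAS KEYSTORE
# Imports CERT only if its fingerprint equals EXPECTED_FP.
# Returns 1 on mismatch, 2 if CERT cannot be parsed, 3 if keytool fails.
# The store password is read from the TRUSTSTORE_PASS environment variable,
# which keeps it out of the process list.
import_pinned_cert() {
    cert=$1; expected=$(normalise_fp "$2"); entry=$3; store=$4
    actual=$(cert_sha256 "$cert") || { echo "cannot parse $cert" >&2; return 2; }
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $cert: got $actual" >&2
        return 1
    fi
    # -noprompt skips keytool's interactive confirmation; the check above replaces it.
    keytool -importcert -noprompt -alias "$entry" -keystore "$store" \
        -storepass:env TRUSTSTORE_PASS -file "$cert" >&2 || return 3
    # Show the stored entry so the fingerprint can be compared once more by eye.
    keytool -list -alias "$entry" -keystore "$store" -storepass:env TRUSTSTORE_PASS >&2
}
```

Call it as `import_pinned_cert host-certificate.cer "<fingerprint from the IdP admin>" HOSTDOMAIN truststore.jks` with TRUSTSTORE_PASS exported.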