Monday, August 10, 2015

Installing GoDaddy certificate in Wildfly/Keycloak

In the previous post we saw how to set up Keycloak. Here we will see how to generate and install certificate in Keycloak. The steps are similar for Wildfly as well.

Step 1: Generate CSR file

Run the following commands in your terminal. <> has to be replaced with your actual domain name.
keytool -genkey -alias mydomain_com -keyalg RSA -keysize 2048 -keystore mydomain_com.jks
keytool -certreq -alias mydomain_com -file mydomain_com.csr -keystore mydomain_com.jks

Step 2: Generate certificate

Upload mydomain_com.csr file content into, generate and download certificate for tomcat server (steps to generating SSL certificate is beyond the scope of this article). If you unzip the file, you will see the following files.
  1. gd_bundle-g2-g1.crt
  2. ..5f8c...3a89.crt  #some file with alphanumeric name
  3. gdig2.crt
Files 1 and 2 are of our interest. Third file is not required.

Step 3: Import certificate to key store

Download root certificate gdroot-g2.crt. Then run the following commands.
cp mydomain_com.jks godaddy.keycloak.jks
keytool -import -alias root -keystore godaddy.keycloak.jks -trustcacerts -file gd_bundle-g2-g1.crt
keytool -import -alias root2 -keystore godaddy.keycloak.jks -trustcacerts -file gdroot-g2.crt
keytool -import -alias <> -keystore godaddy.keycloak.jks -trustcacerts -file ..5f8c...3a89.crts

Step 4: Use the store in Keycloak/Wildlfy

Copy the store to your Keycloak/Wildlfy as follows and change the standalone.xml file appropriately as mentioned in the previous post.
cp godaddy.keycloak.jks <keycloak/wildlfy_INSTALL_DIR>/standalone/configuration/
That's all.