keycloak docker image: change default value of ENV TRUSTSTORE and add new ENV EXTRA_CACERTS #2777

Closed
gunterze opened this issue Sep 16, 2020 · 0 comments
gunterze commented Sep 16, 2020

Related #2776

TRUSTSTORE

Path to keystore file with trusted certificates for TLS (optional, default is the default Java truststore
/usr/local/openjdk-11/lib/security/cacerts). See EXTRA_CACERTS.

TRUSTSTORE_PASSWORD

Password used to protect the integrity of the keystore specified by TRUSTSTORE (optional, default is changeit).

TRUSTSTORE_PASSWORD_FILE

Password used to protect the integrity of the keystore specified by TRUSTSTORE via file input
(alternative to TRUSTSTORE_PASSWORD).

TRUSTSTORE_TYPE

Type (JKS or PKCS12) of the keystore specified by TRUSTSTORE (optional, default is JKS).

EXTRA_CACERTS

Path to keystore file with CA certificates imported to default Java truststore (optional, default is
/opt/wildfly/standalone/configuration/keystore/cacerts.p12, with sample CA certificate:

Subject    - CN=IHE Europe CA,O=IHE Europe,C=FR
Issuer     - CN=IHE Europe CA,O=IHE Europe,C=FR
Valid From - Fri Sep 28 11:19:29 UTC 2012
Valid To   - Wed Sep 28 11:19:29 UTC 2022
MD5 : 64:b6:1b:0f:8d:84:17:da:23:e4:e5:1c:56:ba:06:5d
SHA1 : 54:e0:10:c6:4a:fe:2c:aa:20:3f:50:95:45:82:cb:53:55:6b:07:7f

provided by the docker image only for testing purposes).

EXTRA_CACERTS_PASSWORD

Password used to protect the integrity of the keystore specified by EXTRA_CACERTS (optional, default is secret).

EXTRA_CACERTS_PASSWORD_FILE

Password used to protect the integrity of the keystore specified by EXTRA_CACERTS via file input
(alternative to EXTRA_CACERTS_PASSWORD).

Attention:
To preserve the previous behavior to only trust CA certificates specified in your TRUSTSTORE, you have to configure path and password by ENVs TRUSTSTORE and TRUSTSTORE_PASSWORD also in EXTRA_CACERTS and EXTRA_CACERTS_PASSWORD!

@gunterze gunterze added the enhancement New feature or request label Sep 16, 2020
@gunterze gunterze added this to the 5.23.0 milestone Sep 16, 2020
@gunterze gunterze self-assigned this Sep 16, 2020
gunterze added a commit to dcm4che-dockerfiles/keycloak that referenced this issue Sep 16, 2020
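Added example, not the dcm4che-dockerfiles/keycloak image's own entrypoint: a small POSIX sh resolver that applies the ENV defaults listed in the issue (including the `*_PASSWORD_FILE` over `*_PASSWORD` precedence) and reports whether the sample IHE Europe test CA would end up in the Java truststore. The `read_secret` / `truststore_plan` names, the `SAMPLE_CA_TRUSTED` verdict and the `keytool -importkeystore` command line are this example's assumptions; only the paths and default passwords come from the issue text.

```shell
#!/bin/sh
# Added example (not the image's entrypoint). Resolves the TRUSTSTORE / EXTRA_CACERTS
# ENVs from the issue and prints the import the entrypoint would perform.
# Assumptions: helper names, the SAMPLE_CA_TRUSTED verdict, the keytool flags.

JAVA_CACERTS=/usr/local/openjdk-11/lib/security/cacerts            # default TRUSTSTORE (from issue)
SAMPLE_EXTRA_CACERTS=/opt/wildfly/standalone/configuration/keystore/cacerts.p12  # default EXTRA_CACERTS (from issue)

# read_secret VALUE FILE DEFAULT
# A *_PASSWORD_FILE (e.g. a Docker secret) wins over *_PASSWORD, which wins over the
# image default. Trailing newlines from the file are stripped so they never become
# part of the keystore password.
read_secret() {
  if [ -n "$2" ]; then
    tr -d '\r\n' < "$2"
  elif [ -n "$1" ]; then
    printf '%s' "$1"
  else
    printf '%s' "$3"
  fi
}

# truststore_plan
# Prints one KEY=VALUE line per resolved setting, a SAMPLE_CA_TRUSTED=yes|no verdict
# (yes when EXTRA_CACERTS was left at the shipped test store), and the keytool import
# that would copy the EXTRA_CACERTS certificates into the default Java truststore.
# Passwords are resolved but never printed.
truststore_plan() {
  ts=${TRUSTSTORE:-$JAVA_CACERTS}
  ts_type=${TRUSTSTORE_TYPE:-JKS}
  ts_pw=$(read_secret "${TRUSTSTORE_PASSWORD:-}" "${TRUSTSTORE_PASSWORD_FILE:-}" changeit)
  extra=${EXTRA_CACERTS:-$SAMPLE_EXTRA_CACERTS}
  extra_pw=$(read_secret "${EXTRA_CACERTS_PASSWORD:-}" "${EXTRA_CACERTS_PASSWORD_FILE:-}" secret)

  printf 'TRUSTSTORE=%s\n' "$ts"
  printf 'TRUSTSTORE_TYPE=%s\n' "$ts_type"
  printf 'EXTRA_CACERTS=%s\n' "$extra"
  if [ -n "$ts_pw" ] && [ -n "$extra_pw" ]; then
    echo SECRETS_RESOLVED=yes
  else
    echo SECRETS_RESOLVED=no
  fi
  # The shipped cacerts.p12 holds the IHE Europe CA, which is for testing only:
  # leaving EXTRA_CACERTS unset means that CA gets imported and trusted.
  if [ "$extra" = "$SAMPLE_EXTRA_CACERTS" ]; then
    echo SAMPLE_CA_TRUSTED=yes
  else
    echo SAMPLE_CA_TRUSTED=no
  fi
  # Assumed import step; passwords would be supplied via -srcstorepass/-deststorepass.
  printf 'IMPORT=keytool -importkeystore -noprompt -srckeystore %s -destkeystore %s\n' \
    "$extra" "$JAVA_CACERTS"
}

# Usage: run with the defaults, then with the "Attention" pattern from the issue.
truststore_plan
echo ---
( export TRUSTSTORE=/opt/keycloak/my-trust.p12 TRUSTSTORE_TYPE=PKCS12 TRUSTSTORE_PASSWORD=x
  export EXTRA_CACERTS=/opt/keycloak/my-trust.p12 EXTRA_CACERTS_PASSWORD=x
  truststore_plan )
```

The second run shows the pattern the "Attention" note asks for: pointing EXTRA_CACERTS at the same store as TRUSTSTORE (with its password) is what stops the bundled IHE Europe test CA from being imported; setting TRUSTSTORE alone does not.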