Configuring the TLS Encryption

---

The SEAL-specific Keycloak comes with a self-signed certificate. The certificate is stored in the following directory:

```
/opt/seal/etc/tls
```

In a productive environment, execute the following steps to change the certificates:

1. Get the TLS certificate in PEM format.

   The certificate has to contain the server name of the Keycloak server.

2. Create a new directory for the external TLS certificates:

   mkdir /opt/seal/etc/tls-external
   

3. Copy the private key and the public certificate into the new directory:

   cp <your_key.pem> /opt/seal/etc/tls-external/key.pem
   

   cp <your_cert.pem> /opt/seal/etc/tls-external/cert.pem
   

4. In an editor, open the Keycloak configuration file:

   /opt/seal/etc/keycloak.conf
   

5. Change the directory for the certificates to the new directory:

   # PEM encoded X.509 certificate
   #https-certificate-key-file=/opt/seal/etc/tls-external/key.pem
   #https-certificate-file=/opt/seal/etc/tls-external/cert.pem
   

6. Save the file and exit.

7. Start the service:

   sudo systemctl start seal-keycloak
   

---