Configuring the TLS Encryption¶
The SEAL-specific Keycloak comes with a self-signed certificate. The certificate is stored in the following directory:
```
"C:\ProgramData\SEAL Systems\config\tls"
```
In a productive environment, execute the following steps to change the certificates:
-
Get the TLS certificate in PEM format.
The certificate has to contain the server name of the Keycloak server.
-
Create a new directory for the external TLS certificates:
mkdir "C:\ProgramData\SEAL Systems\config\tls-external"
-
Copy the private key and the public certificate into the new directory:
copy <your_key.pem> "C:\ProgramData\SEAL Systems\config\tls-external\key.pem"
copy <your_cert.pem> "C:\ProgramData\SEAL Systems\config\tls-external\cert.pem"
-
In an editor, open the Keycloak configuration file:
"C:\ProgramData\SEAL Systems\config\keycloak.conf"
-
Change the the directory for the certificates to the new directory:
# PEM encoded X.509 certificate #https-certificate-key-file="C:/ProgramData/SEAL Systems/config/tls-external/key.pem" #https-certificate-file="C:/ProgramData/SEAL Systems/config/tls-external/cert.pem"
-
Save the file and exit.
-
Restart the service:
restart-service seal-keycloak