Skip to content

Configuring the TLS Encryption


The SEAL-specific Keycloak comes with a self-signed certificate. The certificate is stored in the following directory:

```
"C:\ProgramData\SEAL Systems\config\tls"
```

In a productive environment, execute the following steps to change the certificates:

  1. Get the TLS certificate in PEM format.

    The certificate has to contain the server name of the Keycloak server.

  2. Create a new directory for the external TLS certificates:

    mkdir "C:\ProgramData\SEAL Systems\config\tls-external"
    
  3. Copy the private key and the public certificate into the new directory:

    copy <your_key.pem> "C:\ProgramData\SEAL Systems\config\tls-external\key.pem"
    
    copy <your_cert.pem> "C:\ProgramData\SEAL Systems\config\tls-external\cert.pem"
    
  4. In an editor, open the Keycloak configuration file:

    "C:\ProgramData\SEAL Systems\config\keycloak.conf"
    
  5. Change the the directory for the certificates to the new directory:

    # PEM encoded X.509 certificate
    #https-certificate-key-file="C:/ProgramData/SEAL Systems/config/tls-external/key.pem"
    #https-certificate-file="C:/ProgramData/SEAL Systems/config/tls-external/cert.pem"
    
  6. Save the file and exit.

  7. Restart the service:

    restart-service seal-keycloak
    

Back to top