Configuring the TLS Encryption

---

The SEAL-specific Keycloak comes with a self-signed certificate. The certificate is stored in the following directory:

```
"C:\ProgramData\SEAL Systems\config\tls"
```

In a productive environment, execute the following steps to change the certificates:

1. Get the TLS certificate in PEM format.

   The certificate has to contain the server name of the Keycloak server.

2. Create a new directory for the external TLS certificates:

   mkdir "C:\ProgramData\SEAL Systems\config\tls-external"
   

3. Copy the private key and the public certificate into the new directory:

   copy <your_key.pem> "C:\ProgramData\SEAL Systems\config\tls-external\key.pem"
   

   copy <your_cert.pem> "C:\ProgramData\SEAL Systems\config\tls-external\cert.pem"
   

4. In an editor, open the Keycloak configuration file:

   "C:\ProgramData\SEAL Systems\config\keycloak.conf"
   

5. Change the the directory for the certificates to the new directory:

   # PEM encoded X.509 certificate
   #https-certificate-key-file="C:/ProgramData/SEAL Systems/config/tls-external/key.pem"
   #https-certificate-file="C:/ProgramData/SEAL Systems/config/tls-external/cert.pem"
   

6. Save the file and exit.

7. Restart the service:

   restart-service seal-keycloak
   

---