Running Keycloak with TLS (Self-signed certificate)
Oct 18, 2022
This post walks through how to quickly set up a self-signed TLS certificate for running an instance of Keycloak locally. This setup is for local development purposes only.
Setup
- OpenSSL
- Keycloak (Quarkus) distribution
Generate the SSL certificate (self-signed certificate) in your preferred terminal:
openssl req -newkey rsa:2048 -nodes \
-keyout keycloak-server.key.pem -x509 -days 3650 -out keycloak-server.crt.pem
It will prompt for details such as:
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:
Email Address []:
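A non-interactive variant of the command above, as an added example that is not part of the original post. It assumes OpenSSL 1.1.1 or later (for `-addext`) and the hostname `localhost`; the function names are hypothetical. It adds a subjectAltName, which modern browsers match against instead of the Common Name, creates the unencrypted key owner-only, and checks the result.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: OpenSSL 1.1.1+ (-addext), dev host "localhost".
set -eu

# gen_dev_cert DIR [HOST]: write keycloak-server.{key,crt}.pem into DIR
# without the interactive prompts, using the post's file names and lifetime.
gen_dev_cert() {
  dir=$1; host=${2:-localhost}
  ( umask 077   # -nodes leaves the key unencrypted, so create it owner-only
    openssl req -newkey rsa:2048 -nodes -x509 -days 3650 \
      -subj "/CN=${host}" \
      -addext "subjectAltName=DNS:${host},IP:127.0.0.1" \
      -keyout "${dir}/keycloak-server.key.pem" \
      -out "${dir}/keycloak-server.crt.pem" )
}

# cert_matches_key DIR: succeed only if the certificate carries the public
# key that belongs to the private key file (catches mixed-up file pairs).
cert_matches_key() {
  a=$(openssl x509 -in "$1/keycloak-server.crt.pem" -noout -pubkey | openssl sha256)
  b=$(openssl pkey -in "$1/keycloak-server.key.pem" -pubout | openssl sha256)
  [ "$a" = "$b" ]
}

# cert_has_san DIR HOST: succeed only if HOST is listed as a DNS SAN.
cert_has_san() {
  openssl x509 -in "$1/keycloak-server.crt.pem" -noout -text | grep -q "DNS:$2"
}

# Usage: gen_dev_cert . && cert_matches_key . && cert_has_san . localhost
```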
Keycloak (Quarkus distribution using Keycloak 19.0.1)
Use the kc.sh shell script to launch the Keycloak server, passing the server certificate and key as flags:
./kc.sh start-dev --https-port=8081 --https-certificate-file=keycloak-server.crt.pem --https-certificate-key-file=keycloak-server.key.pem
[io.quarkus] (main) Keycloak 19.0.1 on JVM…