Certificate reloading working partially #45057

@Dhiraj-Jain

Description

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

dist/quarkus

Describe the bug

Certificate reloading was introduced in V26.0.0 AFAIK (might be in V24 or V25) by setting the https configuration KC_HTTPS_CERTIFICATES_RELOAD_PERIOD to some duration, which maps to the Quarkus config "quarkus.http.ssl.certificate.reload-period" set to 31s.
Reloading is controlled for the certificates set through the https-* options, as mentioned in the config documentation:
"Interval on which to reload key store, trust store, and certificate files referenced by https-* options."

But it only works for the keystore.

Version

26.4.7

Regression

  • The issue is a regression

Expected behavior

The truststore is updated with the CA, so LDAPS should be configured.

Actual behavior

The following error is seen:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271)
at java.base/sun.security.validator.Validator.validate(Validator.java:256)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1271)

How to Reproduce?

Keystore configured using KC_HTTPS_KEY_STORE_FILE.
Truststore configured using KC_HTTPS_TRUST_STORE_FILE.

Change the keystore file and the change can be seen in the browser: the server cert is shown as changed when opening a new incognito window and looking at the server cert.

But when setting up an LDAPS connection, the root CA is added to the truststore, but Keycloak doesn't reload the truststore.

Anything else?

No response
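As an added illustration, not code from the Keycloak or Quarkus projects, this is the behaviour the report expects for the truststore: a hypothetical X509TrustManager that re-reads the truststore file when its modification time changes and rebuilds its PKIX delegate, so a CA imported after startup is trusted without a restart. The class name, the mtime-based check and the use of the JDK default keystore type are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

// Hypothetical example: a trust manager that re-reads its truststore file when the
// file's modification time changes, so a CA imported after startup becomes trusted.
public final class ReloadingTrustManager implements X509TrustManager {
    private final Path storePath;
    private final char[] password;
    private long loadedAtMillis;
    private X509TrustManager delegate;
    public ReloadingTrustManager(Path storePath, char[] password) throws IOException, GeneralSecurityException {
        this.storePath = storePath;
        this.password = password;
        reload();
    }
    // Build a fresh PKIX trust manager from the truststore currently on disk.
    private synchronized void reload() throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // assumption: default type (PKCS12 on modern JDKs)
        try (InputStream in = Files.newInputStream(storePath)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { delegate = (X509TrustManager) tm; break; }
        }
        loadedAtMillis = Files.getLastModifiedTime(storePath).toMillis();
    }
    // Called before every validation; if reloading fails, keep the last good truststore rather than trusting nothing or everything.
    private synchronized X509TrustManager current() {
        try {
            if (Files.getLastModifiedTime(storePath).toMillis() != loadedAtMillis) reload();
        } catch (IOException | GeneralSecurityException e) {
            System.err.println("truststore reload failed, keeping previous: " + e);
        }
        return delegate;
    }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        current().checkServerTrusted(chain, authType); // e.g. the LDAPS server chain, validated against the reloaded CAs
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        current().checkClientTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return current().getAcceptedIssuers(); }
}
```

The key point is that the keystore (server identity) and the truststore (accepted CAs) are separate KeyStore objects, so reloading one says nothing about the other; a quick check is to import the CA with keytool, then confirm with keytool -list that the file on disk has it, which isolates an in-memory reload problem from an import problem.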
