Replies: 4 comments
I believe these two issues need to be resolved to support the feature for HTTPS server certificate:
Client certificate for Postgres database connection is reloaded at every connection attempt already as of today.
Do you know if it's possible currently in Keycloak 22.0.x? If I understood right from quarkusio/quarkus#15926 (comment) it should be possible to hot reload a TLS certificate in Quarkus already today, but does Keycloak 22 take advantage of that possibility?
No, Keycloak does not have this functionality yet. The standard JDK KeyManager is still used, and it does not reload when certificates change on disk. Quarkus makes it possible for an application to set its own KeyManager - which allows the application to provide an alternative implementation that can hot-reload certificates. I've worked with this topic a bit since posting this, but there has not been consensus on the feature yet.
I've converted this to an issue #26524
Is it possible to "hot-reload" renewed/rotated TLS certificate and key without restarting Keycloak? The question applies to all interfaces, for example HTTPS server certificate or client certificate towards backend database such as Postgres.
Previously it was possible to reload using WildFly CLI.