- Retrieve the JSON Web Key Set using the JWKS URI
- For example, for Keycloak it would be
https://<keycloak server>/auth/realms/<realm>/protocol/openid-connect/certs
- For example, for Keycloak it would be
- From the JSON body you can extract the CA Certificate
- If you are using jq you can extract the CA certificate using the JSONPath expression
.keys[0].x5c[0]
curl https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/certs| jq -r ".keys[0].x5c[0]"
- If you are using jq you can extract the CA certificate using the JSONPath expression
- In the
ServiceMeshControlPlane
custom resource, add the CA Certificate as shown below:apiVersion: maistra.io/v2 kind: ServiceMeshControlPlane
metadata: