@Nurlan199206
Last active April 10, 2024 19:31
KeyCloak LDAP SSL
Get Active Directory certificate
1. openssl s_client -showcerts -connect 192.168.1.155:636
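2. Copy the certificate output from the previous command and save it to the truststores location under your Keycloak root directory, for example: /opt/keycloak/conf/truststores
3. mcedit /path/keycloak/bin/kc.sh
4. If you are getting an SSL error when connecting to the LDAP server:
In JAVA_OPTS, add -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true to the end of the line. This property turns off hostname verification for LDAPS connections, so Keycloak accepts any certificate its truststore trusts, regardless of the name or IP address it was issued for.
5. Restart Keycloak: systemctl restart keycloak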
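Troubleshooting:
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address
This exception means the LDAP connection URL uses an IP address that is not listed in the certificate's subject alternative names.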
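An added example, not part of the original gist: a POSIX shell check that saves the chain from step 1 and tests whether the certificate actually covers the host or IP used in the LDAP URL, which is the condition behind the exception above. The function names and the script name are this example's own.

```shell
#!/bin/sh
# Added example (not from the original gist). Function names are this example's own.

# Print every PEM certificate block found in `openssl s_client -showcerts` output (stdin).
extract_pem() {
  awk '/-----BEGIN CERTIFICATE-----/{p=1} p{print} /-----END CERTIFICATE-----/{p=0}'
}

# Choose the openssl x509 check option: IP literals are compared against IP SANs,
# everything else against DNS names in the certificate.
endpoint_flag() {
  case $1 in
    *:*)       printf '%s\n' -checkip ;;    # IPv6 literal
    *[!0-9.]*) printf '%s\n' -checkhost ;;  # contains a non-digit: a DNS name
    *)         printf '%s\n' -checkip ;;    # digits and dots only: IPv4 literal
  esac
}

# Exit 0 if the first certificate in PEM file $1 is valid for endpoint $2.
cert_matches_endpoint() {
  openssl x509 -in "$1" -noout "$(endpoint_flag "$2")" "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# Save the chain presented by HOST ($1) on PORT ($2) to FILE ($3).
fetch_chain() {
  openssl s_client -showcerts -connect "$1:$2" </dev/null 2>/dev/null | extract_pem >"$3"
}

# Usage: sh ldaps-check.sh HOST PORT OUT.pem  (no arguments: only defines the functions)
if [ "$#" -eq 3 ]; then
  fetch_chain "$1" "$2" "$3"
  [ -s "$3" ] || { echo "No certificate received from $1:$2" >&2; exit 1; }
  if cert_matches_endpoint "$3" "$1"; then
    echo "OK: certificate is valid for $1; endpoint identification can stay enabled"
  else
    echo "MISMATCH: the certificate does not cover $1. Names it does cover:"
    openssl x509 -in "$3" -noout -ext subjectAltName
    echo "Use one of these names in the Keycloak LDAP connection URL."
  fi
fi
```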