Configure HTTPS for Keycloak on OS X - metadatacenter-attic/cedar-docs GitHub Wiki

Make the Keystore accessible to Keycloak

goconf
cp keycloak/keystore/keycloak.jks $KEYCLOAK_HOME/standalone/configuration/

Modify Keycloak configuration

cd $KEYCLOAK_HOME/standalone/configuration/
vi standalone.xml

Locate the <security-realms> element, and add the content below to that block.

<security-realm name="UndertowRealm">
  <server-identities>
    <ssl>
      <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="CEDAart34##$55" />
    </ssl>
  </server-identities>
</security-realm>

Locate the <server name="default-server"> element and add an HTTPS listener next to the default HTTP listener as follows:

<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>

Locate the socket-binding-group element and change the HTTPS port in the socket-binding subelement to 8543 as follows:

<socket-binding name="https" port="${jboss.https.port:8543}"/>
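
Before restarting, the three edits above can be checked with a small shell function. This is an added example, not part of the original wiki: the names `check_keycloak_https` and `make_sample` and the sample fragment are constructed for illustration, and the check assumes standalone mode, where `jboss.server.config.dir` is the directory that holds standalone.xml.

```shell
# Added example, not from the wiki. Function names are hypothetical.
check_keycloak_https() {
  local xml="$1" dir realm keystore port rc=0
  [ -r "$xml" ] || { echo "cannot read $xml" >&2; return 2; }
  dir=$(dirname "$xml")  # assumption: standalone mode, so this is jboss.server.config.dir

  # 1. The https-listener must name a security realm that is actually defined.
  realm=$(sed -n 's/.*<https-listener[^>]*security-realm="\([^"]*\)".*/\1/p' "$xml" | head -n 1)
  if [ -z "$realm" ]; then
    echo "FAIL: no https-listener with a security-realm attribute"; rc=1
  elif ! grep -q "<security-realm name=\"$realm\"" "$xml"; then
    echo "FAIL: https-listener references undefined realm '$realm'"; rc=1
  fi

  # 2. The keystore configured in that realm must exist in the config directory.
  keystore=$(sed -n "/<security-realm name=\"$realm\"/,/<\/security-realm>/p" "$xml" |
             sed -n 's/.*<keystore[^>]*path="\([^"]*\)".*/\1/p' | head -n 1)
  if [ -z "$keystore" ] || [ ! -f "$dir/$keystore" ]; then
    echo "FAIL: keystore '${keystore:-none}' not found in $dir"; rc=1
  fi

  # 3. The https socket binding must default to port 8543.
  port=$(sed -n 's/.*<socket-binding name="https" port="\([^"]*\)".*/\1/p' "$xml" | head -n 1)
  port=${port##*:}; port=${port%\}}   # "${jboss.https.port:8543}" -> "8543"
  [ "$port" = "8543" ] || { echo "FAIL: https port is '${port:-unset}', expected 8543"; rc=1; }

  # 4. standalone.xml holds the keystore password in clear text: flag world-readable files.
  if [ -n "$(find "$xml" -perm -004 2>/dev/null)" ]; then
    echo "WARN: $xml is world-readable and contains keystore-password"
  fi
  return "$rc"
}

# Constructed sample: a fragment with the three edits applied and an empty stand-in keystore.
make_sample() {
  mkdir -p "$1" && : > "$1/keycloak.jks" && cat > "$1/standalone.xml" <<'EOF'
<security-realm name="UndertowRealm"><server-identities><ssl>
  <keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="PLACEHOLDER" />
</ssl></server-identities></security-realm>
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
<socket-binding name="https" port="${jboss.https.port:8543}"/>
EOF
}
# Usage: check_keycloak_https "$KEYCLOAK_HOME/standalone/configuration/standalone.xml"
```

The function returns 0 when all three edits are consistent, 1 when any of them is missing or mismatched, and 2 when the file cannot be read; the world-readable warning does not change the return code.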

Verify the configuration

Stop the server if it is running and restart it as follows:

gokk
./standalone.sh

At this point the root certificate is not yet in your trust store, so opening Keycloak in a browser on port 8543 as follows should produce an invalid certificate warning:

https://auth.metadatacenter.orgx:8543/

Do not add a security exception at this moment.

However, you can test it from the lynx browser, if you have it. If not, you can install it:

brew install lynx

And then test it:

lynx https://auth.metadatacenter.orgx:8543/

Lynx will alert you about the invalid SSL certificate. You can accept that and continue. The important thing is not to add the security exception to your default browser.
