0

I was using my spring-boot service with keycloak for login. Until yesterday I had a keycloak on localhost:8081, but today we have been given a new domain for Keycloak (https://example.com) instead of still using localhost:8081. For this I had to update my 'etc/hosts' file with the new domain.

The problem is that I can't launch any request from my microservice. I have a controller, with many end-points, but I can't access any of them, I get the error:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

with this Warning:

Failed to load URLs from https://example.com/auth/realms/REALM/.well-known/openid-configuration

However, from Postman I can access this URL: https://example.com/auth/realms/REALM/.well-known/openid-configuration

In theory, I have my application.yaml well configured with the keycloak settings (I only had to change the auth path, where before it was localhost, is now my https://example.com)

keycloak.auth-server-url: https://example.com/auth/
keycloak.realm: MyREALM
keycloak.resource: login
keycloak.public-client: true
keycloak.credentials.secret: mysecret

I accessed my keycloak (with the new domain), I tried to export the certificate and with Keytools integrate it in the 'cacerts' file but I haven't been able to get it to work.

I've tried following these articles, but they don't solve my problem:

Keycloak: Failed to load URLs in Spring Boot Application

"PKIX path building failed" and "unable to find valid certification path to requested target"

Why is my microservice giving me this error?

2022-07-20 12:03:28.013 WARN 25996 --- [nio-8080-exec-4] o.keycloak.adapters.KeycloakDeployment : Failed to load URLs from https://example.com/auth/realms/MyREALM/.well-known/openid-configuration

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:370) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:313) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308) ~[na:na]
Jan Garaj
  • 25,598
  • 3
  • 38
  • 59
Talenel
  • 422
  • 2
  • 6
  • 25
  • It looks like your https://example.com has misconfigured TLS (HTTPS). For example it is uses Let's Encrypt CA, but it doesn't expose intermediate LE certificates. – Jan Garaj Jul 20 '22 at 16:27
  • How Can I configurated TLS to expose LE certificates? @JanGaraj – Talenel Jul 21 '22 at 06:11

1 Answers1

0

I read many info about the certificates, download certificates of HTTPs web and add it to the cacerts file but it doesn't work for me.

The solution (temporally) was:

The problem with certificates was only in mi localhost, not in the development environment. Then, in local, I opened a port-forward connection with Keycloak service, which throws the certificates-exception. It cans allowed me don't attack directly to the domain from Spring-Boot, avoiding the certificates error.

port-forward service/keycloak 8081:8080
Talenel
  • 422
  • 2
  • 6
  • 25