Truststore configuration prior to KC24 uses two different truststores for mTLS and outgoing HTTPS connections and you had to upload a complete truststore (e.g. .jks file). This has changed starting from KC24, now only one truststore is used and you have to configure the used cert files for the truststore. Keycloak will import them itself into its truststore.
The options to configure the mTLS truststore via https-trust-store-* is deprecated. Instead, specify the certs via truststore-paths.
For further information see releasenotes for KC24.
Description
Truststore configuration prior to KC24 uses two different truststores for mTLS and outgoing HTTPS connections and you had to upload a complete truststore (e.g. .jks file). This has changed starting from KC24, now only one truststore is used and you have to configure the used cert files for the truststore. Keycloak will import them itself into its truststore.
The options to configure the mTLS truststore via
https-trust-store-*is deprecated. Instead, specify the certs viatruststore-paths.For further information see releasenotes for KC24.