Closed sunmingtao closed 4 years ago
This is because the JDK Key store doesn't have the certificate required by keycloak. Normally you shouldn't need to manually install the certificate as the latest JDK (even 8) contains such certificate. But some developer may be using a fairly old version of JDK 8 which doesn't include the certificate in question.
Tried various solutions suggested here https://stackoverflow.com/questions/21076179/pkix-path-building-failed-and-unable-to-find-valid-certification-path-to-requ
I find the easiest solution is to replace the cacerts file, which is located at $JAVA_HOME/jre/lib/security, with a relatively new one.
To quickly test whether the new cert works, add VM args
-Djavax.net.ssl.trustStore=path_to_new_cacert
How to find your cacerts file?
For java 8, it locates at /Library/Java/JavaVirtualMachines/jdk-11.0.4.jdk/Contents/Home/lib/security/cacerts For java 11, it locates at /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/jre/lib/security/cacerts
Enter credentials on Keycloak login page Get error: