Restoring SAML- or OIDC-authenticated servers with SSL

Additional steps are required to restore a SAML- or OIDC-authenticated server with SSL if any of the conditions described below apply.

Complete the following tasks (if applicable to your system environment) after restoring your server configuration and before starting the web server.

If your IdP uses a self-signed SSL certificate

Import the certificate into your new server's JVM truststore (the keystore file is named cacerts; keytool prompts for the keystore password):

    keytool -import -alias keycloak -file idp-cert.crt -keystore <server_install>/_jvm/lib/security/cacerts

If your source Validate server uses SSL with a self-signed certificate

  1. Confirm that the certificate's "subjectAltName" extension includes valid DNS names.
  2. Update the DNS names to match the host names of the new server.
  3. Reimport the Validate SSL certificate into your new server's JVM keystore. For instructions, see Import certificate to Validate JVM or other trusted keystore.
  4. Confirm that the certificate referenced in the <projects_root>/tomcat/conf/server.template file still has a valid path.

If you are using a SAML-authenticated server

Confirm that any certificates and keys referenced in the <projects_root>/config/auth.properties file still have valid paths.
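The checks above (IdP certificate present in the JVM truststore, SAN DNS names covering the new host name, and certificate or key paths in auth.properties still resolving) can be scripted as a post-restore verification. The following is an added example, not part of the product or this page; it assumes the openssl and keytool CLIs are on the PATH, that the cacerts password is the JVM default "changeit", and that auth.properties keys naming certificates or keys contain "cert", "key" or "store" (the real key names are not shown above, so adjust the pattern).

```python
import os
import re
import subprocess
import tempfile

# Assumption: keys that reference certificate/key files contain one of these words;
# the real auth.properties key names are not documented here, so adjust to your file.
PATH_KEY = re.compile(r"cert|key|store", re.IGNORECASE)

def missing_referenced_paths(properties_file):
    """(key, value) pairs in a Java .properties file whose path-like values do not exist."""
    missing = []
    with open(properties_file, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#!" or "=" not in line:
                continue  # blank line, comment, or not a key=value entry
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if PATH_KEY.search(key) and ("/" in value or "\\" in value) and not os.path.exists(value):
                missing.append((key, value))
    return missing

def hostname_matches_san(hostname, san_dns_names):
    """True if hostname is covered by a DNS SAN; a wildcard matches exactly one label (RFC 6125)."""
    host = hostname.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in san_dns_names):
        if name.startswith("*."):
            if host.count(".") == name.count(".") and host.endswith(name[1:]):
                return True
        elif host == name:
            return True
    return False

def san_dns_names(cert_path):
    """DNS names in the certificate's subjectAltName, read with the openssl CLI (assumed on PATH)."""
    out = subprocess.run(["openssl", "x509", "-in", cert_path, "-noout", "-ext", "subjectAltName"],
                         capture_output=True, text=True, check=True).stdout
    return re.findall(r"DNS:([^,\s]+)", out)

def alias_in_keystore(keystore, alias, storepass="changeit"):
    """True if keytool finds the alias (e.g. the imported IdP certificate) in the JVM truststore."""
    cmd = ["keytool", "-list", "-keystore", keystore, "-alias", alias, "-storepass", storepass]
    return subprocess.run(cmd, capture_output=True).returncode == 0

if __name__ == "__main__":
    # Constructed auth.properties: one path that exists (the file itself), one left on the old server.
    with tempfile.NamedTemporaryFile("w", suffix=".properties", delete=False) as fh:
        fh.write(f"saml.idp.cert={fh.name}\nsaml.sp.key=/old-server/keys/sp.key\n")
    print("missing:", missing_referenced_paths(fh.name))  # [('saml.sp.key', '/old-server/keys/sp.key')]
```

Run it on the restored server with `san_dns_names` pointed at the Validate certificate and `alias_in_keystore` at `<server_install>/_jvm/lib/security/cacerts` to confirm each step before starting the web server.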