Restoring SAML- or OIDC-authenticated servers with SSL
Additional steps are required to restore a SAML- or OIDC-authenticated server with SSL if any of the following conditions apply:
- Your IdP uses a self-signed SSL certificate.
- Your source Validate server uses SSL with a self-signed certificate.
- You are using SAML.
Complete the following tasks (if applicable to your system environment) after restoring your server configuration and before starting the web server.
If your IdP uses a self-signed SSL certificate
Import the certificate into your new server's JVM truststore (the JDK's default truststore file is cacerts, and keytool prompts for its password; the alias must not already exist in the truststore): keytool -import -trustcacerts -alias keycloak -file idp-cert.crt -keystore <server_install>/_jvm/lib/security/cacerts
If your source Validate server uses SSL with a self-signed certificate
- Confirm that the certificate's "subjectAltName" extension lists the DNS names of the new server. Browsers and Java clients match the host name against subjectAltName, not the subject CN.
- If the new server's DNS names are not listed, generate a new self-signed certificate that includes them. A certificate's subjectAltName cannot be edited after the certificate has been issued.
- Reimport the Validate SSL certificate into your new server's JVM keystore. For instructions, see Import certificate to Validate JVM or other trusted keystore.
- Confirm that the certificate referenced in the <projects_root>/tomcat/conf/server.template file still has a valid path.
If you are using a SAML-authenticated server
Confirm that any certificates and keys referenced in the <projects_root>/config/auth.properties file still have valid paths on the new server.
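The following script is an added example and is not part of the product documentation or the product's own tooling. It automates the three checks above: listing the DNS names in a certificate's subjectAltName, importing an IdP certificate into the bundled JVM truststore without silently reusing an existing alias, and verifying that every file path referenced in auth.properties or server.template exists on the restored server. The install paths, the truststore password (changeit, the JDK default), and the property and attribute names in the sample files are assumptions for illustration only.

```shell
#!/bin/sh
# Added example, not from the product docs. Paths, the 'changeit' truststore
# password (JDK default) and the property/attribute names used here are
# assumptions, not values taken from the product.

# Print the DNS names in a PEM certificate's subjectAltName, one per line.
# Needs openssl 1.1.1 or newer (for -ext).
san_dns_names() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | grep -oE 'DNS:[^,[:space:]]+' | sed 's/^DNS://'
}

# Import an IdP's self-signed certificate into the JVM truststore bundled with
# the server. Refuses to reuse an existing alias so a stale IdP certificate is
# never kept under the same name by mistake.
#   $1 = certificate file, $2 = server install dir, $3 = alias (default keycloak)
import_idp_cert() {
    truststore="$2/_jvm/lib/security/cacerts"
    ks_alias="${3:-keycloak}"
    if keytool -list -keystore "$truststore" -storepass changeit -alias "$ks_alias" >/dev/null 2>&1; then
        echo "alias '$ks_alias' already exists in $truststore; run keytool -delete first" >&2
        return 1
    fi
    keytool -importcert -trustcacerts -noprompt -alias "$ks_alias" -file "$1" \
        -keystore "$truststore" -storepass changeit
}

# Print every value in a config file that looks like a file path: absolute
# paths, or anything ending in a certificate/key extension. Handles both
# key=value lines (auth.properties) and attr="value" pairs (server.template).
referenced_paths() {
    f=$1
    {
        grep -v '^[[:space:]]*#' "$f" \
            | sed -n -E 's/^[[:space:]]*[A-Za-z0-9._-]+[[:space:]]*=[[:space:]]*//p'
        grep -v '^[[:space:]]*#' "$f" \
            | grep -oE '[A-Za-z0-9._:-]+="[^"]*"' | sed -E 's/^[^=]*="//; s/"$//'
    } | sed -E 's/^"//; s/"$//; s/[[:space:]]+$//' \
      | grep -E '^/|\.(crt|pem|cer|key|jks|p12|pfx)$' | sort -u
}

# Check that every path referenced in a config file exists on the restored
# server. Relative paths are resolved against the config file's directory
# (an assumption; adjust if the server resolves them elsewhere).
# Prints one "OK"/"MISSING" line per path; succeeds only if nothing is missing.
check_referenced_paths() {
    cfg=$1
    base=$(dirname "$cfg")
    missing=0
    while IFS= read -r p; do
        [ -z "$p" ] && continue
        case $p in /*) full=$p ;; *) full="$base/$p" ;; esac
        if [ -e "$full" ]; then
            printf 'OK      %s\n' "$full"
        else
            printf 'MISSING %s\n' "$full"
            missing=$((missing + 1))
        fi
    done <<EOF
$(referenced_paths "$cfg")
EOF
    [ "$missing" -eq 0 ]
}

# Typical use after restoring the configuration and before starting the web
# server (install locations are hypothetical):
#   check_referenced_paths /opt/validate/config/auth.properties
#   check_referenced_paths /opt/validate/tomcat/conf/server.template
#   san_dns_names /opt/validate/tomcat/conf/validate.crt   # must list the new host
#   import_idp_cert idp-cert.crt /opt/validate/server
```

Run the two check_referenced_paths calls first; a non-zero exit means at least one MISSING line was printed and the web server would fail to load that certificate or key. The san_dns_names output must include the DNS name clients will use for the new server; if it does not, regenerate the certificate rather than editing the existing one.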