libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
keycloak-scim/testsuite/integration-arquillian/servers/auth-server/common/fips/README-keystores-format-conversion.md

18 lines
1.1 KiB
Markdown
Raw Normal View History

Initial support for running testsuite in BCFIPS approved mode Closes #16429
2023-01-12 17:24:23 +00:00
How to convert keystores and truststores
----------------------------------------
Magic command to import PKCS12 keystore to BCFKS
```
keytool -importkeystore -srckeystore keycloak-fips.keystore.pkcs12 -destkeystore keycloak-fips.keystore.bcfks \
-srcstoretype PKCS12 -deststoretype BCFKS -deststorepass passwordpassword \
-providername BCFIPS \
-providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider \
-provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider \
-providerpath $MAVEN_REPO_HOME/org/bouncycastle/bc-fips/1.0.2.3/bc-fips-1.0.2.3.jar \
-J-Djava.security.properties=$KEYCLOAK_SOURCES/testsuite/integration-arquillian/servers/auth-server/common/fips/kc.keystore-create.java.security
```
Default password is `passwordpassword`.
When converting from `JKS` to `PKCS12` on non-FIPS host, only first 2 lines from this command are needed (no need to use BCFIPS provider).
Original JKS keystore, which was used to create `PKCS12` (and transitively also `BCFKS`) keystore is [keycloak.jks](../keystore/keycloak.jks).
Original JKS truststore is [keycloak.truststore](../keystore/keycloak.truststore).
Reference in a new issue Copy permalink