keycloak-scim/testsuite/integration-arquillian/servers/auth-server/common/fips/README-keystores-format-conversion.md at 3111ef008554f1f4c83887fad1c6a0d163be77b1

mposolda 79fa6bb3c9 Initial support for running testsuite in BCFIPS approved mode

Closes #16429

2023-01-13 02:59:06 -08:00

1.1 KiB

Raw Blame History

How to convert keystores and truststores

Magic command to import PKCS12 keystore to BCFKS

keytool -importkeystore -srckeystore keycloak-fips.keystore.pkcs12 -destkeystore keycloak-fips.keystore.bcfks \
    -srcstoretype PKCS12 -deststoretype BCFKS -deststorepass passwordpassword \
    -providername BCFIPS \
    -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider \
    -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider \
    -providerpath $MAVEN_REPO_HOME/org/bouncycastle/bc-fips/1.0.2.3/bc-fips-1.0.2.3.jar \
    -J-Djava.security.properties=$KEYCLOAK_SOURCES/testsuite/integration-arquillian/servers/auth-server/common/fips/kc.keystore-create.java.security

Default password is passwordpassword.

When converting from JKS to PKCS12 on non-FIPS host, only first 2 lines from this command are needed (no need to use BCFIPS provider). Original JKS keystore, which was used to create PKCS12 (and transitively also BCFKS) keystore is keycloak.jks. Original JKS truststore is keycloak.truststore.

1.1 KiB Raw Blame History

How to convert keystores and truststores

1.1 KiB

Raw Blame History