Importing the Certificate into the Keycloak Truststore

Last Updated: Jun 10, 2026

About this task

If your Keycloak installation uses a Java keystore, you must first convert the certificate to the JKS format and then import it into a Java Keystore (JKS) file. To import the certificate into a Keycloak truststore, you must use the truststore of the Java runtime that Keycloak runs on.

Procedure

  1. Run the following command to import the certificate into a Java Keystore (JKS) file:

    keytool -import -alias ldap-server -file ldap-server.crt -keystore truststore.jks -storepass changeit

    Example:

    keytool -import -alias ldap-server -file /home/admin/ldap-server.crt -keystore truststore.jks -storepass changeit

  2. Run the following command to import the certificate into the Keycloak Truststore:

    keytool -importcert -file ldap-server.crt -alias ldap-server -keystore /path/to/keycloak/conf/cacerts -storepass changeit

    Example:

    keytool -importcert -file /home/admin/ldap-server.crt -alias ldap-server -keystore /etc/alternatives/jre_17/lib/security/cacerts -storepass changeit

    In this example, the Keycloak truststore (cacerts) is located in the following directory: /etc/alternatives/jre_17/lib/security/
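
To confirm that the alias in the truststore holds the certificate you intended to import, compare the SHA-256 fingerprint of the certificate file with the fingerprint stored under the alias. The following script is an added example, not part of the original procedure; the function names and the script name `verify.sh` are hypothetical, and it assumes a keytool from JDK 9 or later, which prints SHA-256 fingerprints in the two shapes shown in the comments.

```shell
#!/usr/bin/env bash
# Added example: check that a truststore alias holds the intended certificate.

# Read keytool output on stdin and print its SHA-256 fingerprint as
# uppercase hex without colons. Handles both shapes keytool prints:
#   keytool -printcert ->  "SHA256: AB:CD:..."
#   keytool -list      ->  "Certificate fingerprint (SHA-256): AB:CD:..."
extract_sha256() {
  grep -E 'SHA-?256\)?:' | head -n 1 \
    | sed -E 's/.*SHA-?256\)?:[[:space:]]*//' \
    | tr -d ':[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Compare two normalized fingerprints.
# Returns 0 on match, 1 on mismatch, 2 if either one is empty.
compare_fp() {
  if [ -z "$1" ] || [ -z "$2" ]; then
    echo "MISSING"; return 2
  fi
  if [ "$1" = "$2" ]; then
    echo "MATCH $2"; return 0
  fi
  echo "MISMATCH file=$1 store=$2"; return 1
}

# verify_import CERT ALIAS KEYSTORE STOREPASS (hypothetical helper)
verify_import() {
  want=$(keytool -printcert -file "$1" 2>/dev/null | extract_sha256)
  have=$(keytool -list -alias "$2" -keystore "$3" -storepass "$4" \
           2>/dev/null | extract_sha256)
  compare_fp "$want" "$have"
}

# Runs only when all four arguments are supplied, for example:
#   ./verify.sh /home/admin/ldap-server.crt ldap-server \
#       /etc/alternatives/jre_17/lib/security/cacerts changeit
if [ "$#" -eq 4 ]; then
  verify_import "$@"
fi
```

A `MISSING` result means the alias is absent from the keystore or the certificate file could not be read; a `MISMATCH` result means the alias holds a different certificate than the file.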

Next Steps

Configuring LDAPS in Keycloak