airavata-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcus Christie (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AIRAVATA-2429) Keycloak: use Apache to handle SSL and reverse proxy to Keycloak
Date Mon, 05 Jun 2017 16:56:04 GMT

    [ https://issues.apache.org/jira/browse/AIRAVATA-2429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16037206#comment-16037206
] 

Marcus Christie commented on AIRAVATA-2429:
-------------------------------------------

I'm going to close this issue since it is no longer relevant.

I thought we were using a Let's Encrypt certificate for the SciGaP Keycloak installation.
 But [~smarru] informed me we're using a 3 year InCommon certificate.

I think letting Apache handle SSL is probably still a good idea since it would be much easier
to deal with Apache SSL config than Keycloak's Java keystore.  But the need for this is now
not so urgent.

> Keycloak: use Apache to handle SSL and reverse proxy to Keycloak
> ----------------------------------------------------------------
>
>                 Key: AIRAVATA-2429
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2429
>             Project: Airavata
>          Issue Type: Bug
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>
> Motivation: make it easier to deal with Let's Encrypt certificate renewals. Right now
Keycloak is configured for SSL but the certificate is in a Keystore file (keycloak.jks). 
We would need some sort of script to manipulate the keystore file each time we the Let's Encrypt
certificate is renewed.
> *Correction*: in SciGaP we aren't using Let's Encrypt for the SSL certification.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message