I have created certificate through openssl
Openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
and import tls.crt
through keytool in java as well
keytool -import -file C:\Code_Base\Certificates\NGINX_150\tls.crt -storepass changeit -keystore "C:\Program Files\Java\jdk1.8.0_152\jre\lib\security\cacerts"
But i am getting
16:30:21,046 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (http-/0.0.0.0:8080-1) failed to turn code into token: javax.net.ssl.SSLException: hostname in certificate didn't match: <135.209.100.150> != at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:238) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:159) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:561) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:536) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.keycloak.adapters.SniSSLSocketFactory.connectSocket(SniSSLSocketFactory.java:109) [keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final] at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) [httpclient-4.3.6.redhat-1.jar:4.3.6.redhat-1] at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107) [keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final] at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:327) [keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final] at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:273) [keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final] at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:130) [keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final] at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:208) [keycloak-tomcat-core-adapter-2.4.0.Final.jar:2.4.0.Final] at org.keycloak.adapters.jbossweb.KeycloakAuthenticatorValve.authenticate(KeycloakAuthenticatorValve.java:39) [keycloak-as7-adapter-2.4.0.Final.jar:2.4.0.Final] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:187) [keycloak-tomcat-core-adapter-2.4.0.Final.jar:2.4.0.Final] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1] at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_152]
CN=nginxsvc
is probably wrong. Hostnames always go in the SAN. If its present in the CN, then it must be present in the SAN too (you have to list it twice in this case). For more rules and reasons, see How do you sign Certificate Signing Request with your Certification Authority and How to create a self-signed certificate with openssl? – jww