Configuring the TLS Encryption


The SEAL-specific Keycloak comes with a self-signed certificate. The certificate is stored in the following directory:

```
C:\ProgramData\SEAL Systems\config\tls
```

In a production environment, execute the following steps to change the certificates:

  1. Get the TLS certificate in PEM format.

    The certificate has to contain the server name of the Keycloak server.

  2. Create a new directory for the external TLS certificates:

    mkdir "C:\ProgramData\SEAL Systems\config\tls-external"
    
  3. Copy the private key and the public certificate into the new directory:

    copy <your_key.pem> "C:\ProgramData\SEAL Systems\config\tls-external\key.pem"
    
    copy <your_cert.pem> "C:\ProgramData\SEAL Systems\config\tls-external\cert.pem"
    
  4. In an editor, open the Keycloak configuration file:

    C:\ProgramData\SEAL Systems\config\keycloak.conf
    
  5. Change the directory for the certificates to the new directory:

    # PEM encoded X.509 certificate
    #https-certificate-key-file=C:\\ProgramData\\SEAL Systems\\config\\tls-external\\key.pem
    #https-certificate-file=C:\\ProgramData\\SEAL Systems\\config\\tls-external\\cert.pem
    
  6. Save the file and exit.

  7. Restart the service:

    restart-service seal-keycloak
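
A pre-flight check for the procedure above, added here as an example and not part of the SEAL Systems documentation: run it after step 6 and before the restart in step 7. It confirms that both files are PEM, that the certificate is currently valid and lists the server name among its subject alternative names, and that `key.pem` is not accessible to broad Windows groups. `$ServerName` and its default `keycloak.example.com` are assumptions to replace with your own server name.

```powershell
# Added example (not SEAL Systems code): checks cert.pem and key.pem before the restart.
param(
    [string]$ServerName = 'keycloak.example.com',   # assumption: replace with your server name
    [string]$TlsDir     = 'C:\ProgramData\SEAL Systems\config\tls-external'
)
function Test-NameMatch([string]$Pattern, [string]$HostName) {
    if ($Pattern.StartsWith('*.')) {
        # A wildcard entry covers exactly one left-most label.
        $rest = $HostName.Substring($HostName.IndexOf('.') + 1)
        return $HostName.Contains('.') -and ($rest -ieq $Pattern.Substring(2))
    }
    return $Pattern -ieq $HostName
}
$certPath = Join-Path $TlsDir 'cert.pem'
$keyPath  = Join-Path $TlsDir 'key.pem'
$problems = @()
foreach ($p in $certPath, $keyPath) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { $problems += "Missing file: $p" }
    elseif (-not (Select-String -LiteralPath $p -Pattern '^-----BEGIN ' -Quiet)) { $problems += "Not PEM: $p" }
}
if (-not $problems) {
    # X509Certificate2 loads the first PEM-encoded certificate in the file.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certPath
    $now  = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Certificate not valid now ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    # Subject Alternative Name extension (OID 2.5.29.17); labels are localized, so keep only the values.
    $san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = @()
    if ($san) {
        $names = @($san.Format($true) -split '\r?\n' | Where-Object { $_ -match '=' } |
            ForEach-Object { ($_ -split '=', 2)[1].Trim() })
    }
    if (-not ($names | Where-Object { Test-NameMatch $_ $ServerName })) {
        $problems += "Server name '$ServerName' not in SAN: $($names -join ', ')"
    }
    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
    $broad   = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -LiteralPath $keyPath).GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -eq 'Allow' -and $broad -contains $ace.IdentityReference.Value) {
            $problems += "key.pem is accessible to SID $($ace.IdentityReference.Value)"
        }
    }
}
if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
"OK: $($cert.Subject), valid until $($cert.NotAfter)"
```

The script only reads the files and their ACL; it does not verify that `key.pem` belongs to `cert.pem`, so a mismatch still surfaces only when the service starts.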
    
