CodingAllTheTime
Postgres Plugin: SSL error: Certificates do not conform to algorithm constraints
@Brody This is the Dockerfile
FROM quay.io/keycloak/keycloak:22.0.1 AS builder
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_DB=postgres
RUN sed -i 's/jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 2048/jdk.certpath.disabledAlgorithms=MD2, MD5, DSA, RSA keySize < 2048/' /etc/crypto-policies/back-ends/java.config
ADD --chown=keycloak:keycloak https://github.com/klausbetz/apple-identity-provider-keycloak/releases/download/1.7.0/apple-identity-provider-1.7.0.jar /opt/keycloak/providers/apple-identity-provider-1.7.0.jar
COPY themes/keywind/theme/keywind /opt/keycloak/themes/keywind
COPY realms /opt/keycloak/data/import
RUN /opt/keycloak/bin/kc.sh build
# Final Image
FROM quay.io/keycloak/keycloak:22.0.1
# Copying Keycloak
COPY --from=builder /opt/keycloak/ /opt/keycloak/
WORKDIR /opt/keycloak
ENV HOSTNAME=${HOSTNAME}
ENV KEYCLOAK_ADMIN=${KEYCLOAK_USER}
ENV KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_PASSWORD}
ARG PGHOST
ARG PGPORT
ARG PGDATABASE
ARG PGUSER
ARG PGPASSWORD
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
CMD ["start", "--proxy", "edge", "--hostname", "${HOSTNAME}", "--import-realm", "--db=postgres", "--db-url", "jdbc:postgresql://${PGHOST}:${PGPORT}/${PGDATABASE}", "--db-username", "${PGUSER}", "--db-password", "${PGPASSWORD}"]
25 replies
@Brody Keycloak recently added SHA1 to the list of disabled SSL algos.
The general advice for devs encountering this issue when trying to connect to cloud DBs still using this algo is to manually edit the java.config file to remove SHA1 from the list of disabled algos during docker build https://github.com/keycloak/keycloak/issues/19185#issuecomment-1480763024
I have tried this, but that doesn't work on Railway. Every time I try I get a permission denied, these are my logs. When I try to write to a temporary file and use that file as the new java.config:
#5 DONE 4.4s
#7 [builder 2/6] RUN sed -i 's/jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 2048/jdk.certpath.disabledAlgorithms=MD2, MD5, DSA, RSA keySize < 2048/' /usr/share/crypto-policies/DEFAULT/java.txt
#7 1.769 sed: couldn't open temporary file /usr/share/crypto-policies/DEFAULT/sedvMPHzX: Permission denied
#7 ERROR: process "/bin/sh -c sed -i 's/jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 2048/jdk.certpath.disabledAlgorithms=MD2, MD5, DSA, RSA keySize < 2048/' /usr/share/crypto-policies/DEFAULT/java.txt" did not complete successfully: exit code: 4
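An added example, not part of the thread or of Keycloak: the `sed -i` in the log fails while creating its temporary file (`sedvMPHzX`) next to the target, and its pattern only fires when the line matches that exact text. The sketch below edits the `jdk.certpath.disabledAlgorithms` entry token by token, writes the result to a separate file, and checks the outcome; the function names and the sample policy content are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example; function names and sample policy content are constructed.

# Print policy FILE with the bare SHA1 entry removed from
# jdk.certpath.disabledAlgorithms only. All other lines pass through unchanged.
relax_certpath_sha1() {
    awk '
        /^jdk\.certpath\.disabledAlgorithms=/ {
            n = split(substr($0, index($0, "=") + 1), tok, /,/)
            out = ""
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", tok[i])      # trim each entry
                if (tok[i] == "SHA1") continue           # drop only bare SHA1
                out = out (out == "" ? "" : ", ") tok[i]
            }
            print "jdk.certpath.disabledAlgorithms=" out
            next
        }
        { print }
    ' "$1"
}

# Exit 0 if FILE still lists bare SHA1 under jdk.certpath.disabledAlgorithms.
certpath_disables_sha1() {
    grep '^jdk\.certpath\.disabledAlgorithms=' "$1" \
        | sed 's/^[^=]*=//' | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qx 'SHA1'
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample: the certpath line is the one quoted in the thread,
    # the tls line is invented to show that it is left untouched.
    cat > "$dir/java.config" <<'EOF'
jdk.tls.disabledAlgorithms=SSLv3, SHA1
jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 2048
EOF
    # Write the edited copy into a directory we own instead of editing in place.
    relax_certpath_sha1 "$dir/java.config" > "$dir/java.config.relaxed"
    if certpath_disables_sha1 "$dir/java.config.relaxed"; then
        echo "SHA1 still disabled for cert path validation"
    else
        echo "SHA1 no longer disabled for cert path validation"
    fi
    rm -rf "$dir"
}
demo
```

Putting the edited copy in place of the system policy file still needs a build step that has write access to that directory, and the change only affects the image stage in which it is made.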