Firezone + Keycloak (Self-signed CA)

Hello everyone,

First of all, thank you for such a wonderful product! It works just great! :slight_smile:

I do have a little problem I’m not able to solve at the moment.

This happens when I’m trying to connect Firezone with Keycloak.

Keycloak is not externally available, hence using the private PKI.

I guess I have to import the Root-CA and Sub-CA somewhere on the Firezone and to trust it explicitly.

The questions is where exactly?

This is from the log.

{"log":"18:08:14.303 [notice] TLS :client: In state :wait_cert_cr at ssl_handshake.erl:2111 generated CLIENT ALERT: Fatal - Unknown CA\n","stream":"stdout","time":"2023-02-19T18:08:14.303620211Z"}

Thank you in advance!

Hey @slavcroat, I think you are looking for HTTP_CLIENT_SSL_OPTS at Environment Variables | firezone.

Hey @andrew_dryga , thanks for the quick reply. That looks promising.

I’ll try it out and let you know if it worked out. :slight_smile: