I have a Tomcat servlet with a setup for validating a Bearer token against a remote Keycloak server. This was my solution for avoiding SSL errors in the past:
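```java
// SslClientProperties.java
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;

// Binds the keycloak.ssl.* properties (trust store location and password)
@Data
@Configuration
@ConfigurationProperties("keycloak.ssl")
public class SslClientProperties {
    private String trustStore;
    private String trustStorePassword;
}
```

```java
// SslConfiguration.java
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SslConfiguration {
    // Copies the configured values into the JVM-wide JSSE system properties
    public SslConfiguration(SslClientProperties properties) {
        if (properties != null) {
            if (StringUtils.isNotBlank(properties.getTrustStore())) {
                System.setProperty("javax.net.ssl.trustStore", properties.getTrustStore());
            }
            if (StringUtils.isNotBlank(properties.getTrustStorePassword())) {
                System.setProperty("javax.net.ssl.trustStorePassword", properties.getTrustStorePassword());
            }
        }
    }
}
```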
The properties point to a .jks file I created with the Keycloak website certificate like this:
```shell
keytool -import -alias testalias -file test.crt -keystore test.jks -storepass test@123
```
I've managed to resolve this by having my decoder use a restTemplate with SSL bundles configured in application.yml, but I was wondering if this is not in fact a bug. Should JVM properties not continue to work over any program-specific setup?
Thank you for reading, hope this is relevant.
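Added example, not code from this issue or from Spring Boot: a plain-JDK way to scope the `test.jks` trust store from the post to a single HTTP client, rather than setting the JVM-wide `javax.net.ssl.trustStore` property, which replaces the default trust store for every client that uses the default `SSLContext`. The class name, the `TRUST_STORE_PASSWORD` environment variable and the optional URL argument are assumptions; Java 11 or later is assumed.

```java
import java.io.File;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustStoreClient {

    // Loads the trust store, prints what it trusts, and fails fast if it is empty.
    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(new File(path), password); // detects JKS or PKCS12
        for (String alias : Collections.list(store.aliases())) {
            if (store.isCertificateEntry(alias)) {
                X509Certificate cert = (X509Certificate) store.getCertificate(alias);
                System.out.printf("trusted: %s -> %s (expires %s)%n",
                        alias, cert.getSubjectX500Principal(), cert.getNotAfter());
            }
        }
        if (store.size() == 0) throw new IllegalStateException("empty trust store: " + path);
        return store;
    }

    // Builds an SSLContext that trusts only this store; the JVM default is left untouched.
    static SSLContext sslContextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Usage: TRUST_STORE_PASSWORD=... java ScopedTrustStoreClient.java test.jks [https-url]
        char[] password = System.getenv("TRUST_STORE_PASSWORD").toCharArray(); // assumed variable name
        KeyStore store = loadTrustStore(args[0], password);
        HttpClient client = HttpClient.newBuilder().sslContext(sslContextFor(store)).build();
        if (args.length > 1) { // optional: URL of the token issuer to test the handshake against
            HttpResponse<Void> response = client.send(
                    HttpRequest.newBuilder(URI.create(args[1])).build(),
                    HttpResponse.BodyHandlers.discarding());
            System.out.println("TLS handshake succeeded, HTTP " + response.statusCode());
        }
    }
}
```

Run against the trust store created with the `keytool` command above, the listing should show `testalias`; a handshake failure with the optional URL means the server's certificate chain does not lead to a certificate in that store.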
Comment From: wilkinsona
Thanks for the report.
Unfortunately, I don't think it contains enough information to diagnose the problem. It's not clear to me what you expect to read the system properties that you have set and how you have ensured that they have been set before whatever that is tries to read them.
If you would like us to spend some more time investigating, please spend some time providing a complete yet minimal sample that reproduces the problem. You can share it with us by pushing it to a separate repository on GitHub or by zipping it up and attaching it to this issue.
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: floringolintchi
I wasn't able to reproduce it in a demo project. I think it was probably just a poor configuration on my part, something I'm missing there that is causing it in that specific project. Thanks and sorry for the false issue. If I run into it again and manage to replicate it in a demo, then I'll reopen. Closing for now.