ci/oauth/keycloak/fetch_certificate
#!/bin/sh
# This script retrieves a certificate from the keycloak OIDC provider
# and puts it to a trusted operating system store.
# It is needed to communicate with the provider via SSL for validating ID tokens
openssl s_client \
-showcerts \
-connect keycloak:8443 \
-servername keycloak \
</dev/null | \
openssl x509 \
-outform PEM \
>/etc/ssl/certs/keycloak.pem