Eugenio Tampieri's blog

Keycloak with Microsoft SQL Server 2016

It should work out of the box, but it didn’t (for me).

It complained about the server certificate (Algorithm constraints check failed on signature algorithm: SHA1withRSA).

This is how I fixed it:

  1. I created a new self-signed certificate for the host:
    New-SelfSignedCertificate `
      -Type SSLServerAuthentication `
      -Subject "CN=$env:COMPUTERNAME" `
      -FriendlyName "SQL Server Test self-signed" `
      -DnsName "$env:COMPUTERNAME",'localhost.'  `
      -KeyAlgorithm RSA -KeyLength 2048 -Hash 'SHA256' `
      -TextExtension '{text}' `
      -NotAfter (Get-Date).AddMonths(240) `
      -KeySpec KeyExchange `
      -Provider "Microsoft RSA SChannel Cryptographic Provider" `
      -CertStoreLocation "Cert:\LocalMachine\My"
  2. Opened mmc.exe, added the Certificates (local computer) snap-in and copied the certificate to the trusted root authorities
  3. Right-clicked the certificate > All tasks > Open > Details
  4. Copied the thumbprint (no spaces)
  5. Opened regedit
  6. Pasted into Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftSQLServer\MSSQL13.GE\MSSQLServer\SuperSocketNetLib
  7. Restarted Microsoft SQL Server
  8. Modified keycloak.conf: db-url=jdbc:sqlserver://sqlsrv;databaseName=<keycloakDB>;user=<keycloakUser>;password=s3cr3t;authentication=SqlPassword;trustServerCertificate=true;
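
With trustServerCertificate=true the JDBC driver encrypts the connection but does not validate the server certificate. The script below is an added example, not part of the original post: it checks the certificate from step 1, exports its public part into a truststore for the Keycloak JVM, and prints a db-url that validates the certificate instead. The output directory, truststore name and password are placeholders, and keytool from any JDK is assumed to be on PATH.

```powershell
# Added example, not from the original post. Run elevated on the SQL Server host.
# Assumptions: FriendlyName from step 1; $outDir, truststore name and password are
# placeholders; keytool (any JDK) is on PATH.
$outDir    = 'C:\temp'
$storePass = '<truststorePassword>'

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq 'SQL Server Test self-signed' } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'Certificate from step 1 not found in Cert:\LocalMachine\My' }

# The JDBC error was about SHA1withRSA, so confirm the new certificate is SHA-256 signed.
$sigAlg = $cert.SignatureAlgorithm.FriendlyName
if ($sigAlg -ne 'sha256RSA') { throw "Unexpected signature algorithm: $sigAlg" }

# Thumbprint in the form step 4 needs (the property already has no spaces).
"Thumbprint: $($cert.Thumbprint)"

# Export the public certificate only (no private key) and put it in a truststore
# that is then copied to the Keycloak host.
$cer   = Join-Path $outDir 'sqlsrv.cer'
$store = Join-Path $outDir 'mssql-truststore.jks'
Export-Certificate -Cert $cert -FilePath $cer -Type CERT | Out-Null
& keytool -importcert -noprompt -alias sqlsrv -file $cer -keystore $store -storepass $storePass
if ($LASTEXITCODE -ne 0) { throw 'keytool import failed' }

# db-url that validates the server certificate. hostNameInCertificate covers the
# case where the JDBC host name (sqlsrv) differs from the certificate's CN.
$dbUrl = 'db-url=jdbc:sqlserver://sqlsrv;databaseName=<keycloakDB>;' +
         'user=<keycloakUser>;password=<password>;authentication=SqlPassword;' +
         'encrypt=true;trustServerCertificate=false;' +
         "hostNameInCertificate=$env:COMPUTERNAME;" +
         "trustStore=<path on Keycloak host>/mssql-truststore.jks;trustStorePassword=$storePass;"
$dbUrl
```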