Update Dockerfile

Dockerfile

@@ -12,27 +12,40 @@ FROM quay.io/keycloak/keycloak:25.0.6
 # Copy built Keycloak
 COPY --from=builder /opt/keycloak/ /opt/keycloak/
 
+# Install keytool (comes with JDK, already available in image)
+USER root
 
-
-# Generate self-signed cert
+# Generate self-signed JKS keystore
 RUN mkdir -p /opt/keycloak/certs && \
-    openssl req -x509 -newkey rsa:4096 -keyout /opt/keycloak/certs/key.pem -out /opt/keycloak/certs/cert.pem -days 365 -nodes -subj "/CN=localhost"
+    keytool -genkeypair \
+      -alias selfsigned \
+      -keyalg RSA \
+      -keysize 2048 \
+      -storetype JKS \
+      -keystore /opt/keycloak/certs/keystore.jks \
+      -storepass changeit \
+      -keypass changeit \
+      -validity 365 \
+      -dname "CN=localhost, OU=Dev, O=POC, L=Nowhere, ST=None, C=XX"
+
+# Change ownership
+RUN chown -R 1000:0 /opt/keycloak/certs
 
 # Switch back to Keycloak user
 USER 1000
 
-# Expose Hugging Face port
+# Expose Hugging Face Space port
 EXPOSE 7860
 
-# Set admin credentials
+# Admin credentials
 ENV KEYCLOAK_ADMIN=admin
 ENV KEYCLOAK_ADMIN_PASSWORD=admin
 
-# Start Keycloak with HTTPS only on port 7860
+# Start Keycloak with HTTPS via JKS
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", \
     "--https-port=7860", \
-    "--https-certificate-file=/opt/keycloak/certs/cert.pem", \
-    "--https-certificate-key-file=/opt/keycloak/certs/key.pem", \
+    "--https-key-store-file=/opt/keycloak/certs/keystore.jks", \
+    "--https-key-store-password=changeit", \
     "--hostname-strict=false", \
     "--hostname-strict-https=false", \
     "--db=dev-mem"]