Skip to content

Custom CA Certificate🔗

The customCa block allows you to provide a custom Certificate Authority (CA) certificate to the application. This is optional — if no values are provided, no custom CA will be used.

[!NOTE] The certificate is loaded by Keycloak and required when using LDAP integration with a custom CA certificate.

secrets:
  customCa:
    customCaCertificate: "" # Base64-encoded CA certificate content.
    existingCaSecret: "" # Name of an existing Kubernetes secret containing the CA certificate.

Option 1: Provide the CA certificate directly🔗

Use customCaCertificate to provide the base64-encoded content of your CA certificate. A new Kubernetes Secret will be automatically created by the Helm chart.

existingCaSecret must not be set.

secrets:
  customCa:
    customCaCertificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t..."

Option 2: Use an existing Kubernetes Secret🔗

Use existingCaSecret to reference an existing secret that contains your CA certificate. The secret key must be base64 encoded.

customCaCertificate must not be set.

secrets:
  customCa:
    existingCaSecret: "<my-custom-ca-secret>"
Last update: November 24, 2025