What does 'No available authentication scheme' mean exactly?

I am trying to set up an mTLS connection with our Keycloak identity provider using certificates and keys issued by SPIRE.

The Setup

The spire-agent is configured with: workload_x509_svid_key_type = "rsa-2048".

The client side is using ghostunnel to set up a tunnel. ghostunnel has support for fetching the certificate and key via the SPIRE Workload API.

The server side is retrieving the certificate and key through the SPIRE Workload API as well. They are then wrapped into a keystore and truststore via keytool.

The Problem

The ghostunnel cannot negotiate the SSL connection and throws a handshake error. I added -Djavax.net.debug=ssl:handshake to the Keycloak instance to debug the handshake, and I see this error: javax.net.ssl.SSLHandshakeException: No available authentication scheme. I don't know what it means.

Is this a problem server-side or client-side?

EDIT: Here are the logs with the error message: https://gist.github.com/moritzschmitz-oviva/3c9c77f4445880e5f57c56318665d451.