diff --git a/nixos/tests/keycloak.nix b/nixos/tests/keycloak.nix
index ae8f4c5f7e6..fc321b8902f 100644
--- a/nixos/tests/keycloak.nix
+++ b/nixos/tests/keycloak.nix
@@ -3,7 +3,8 @@
 # client using their Keycloak login.
 
 let
-  frontendUrl = "http://keycloak/auth";
+  certs = import ./common/acme/server/snakeoil-certs.nix;
+  frontendUrl = "https://${certs.domain}/auth";
   initialAdminPassword = "h4IhoJFnt2iQIR9";
 
   keycloakTest = import ./make-test-python.nix (
@@ -17,15 +18,27 @@ let
       nodes = {
         keycloak = { ... }: {
           virtualisation.memorySize = 1024;
+
+          security.pki.certificateFiles = [
+            certs.ca.cert
+          ];
+
+          networking.extraHosts = ''
+            127.0.0.1 ${certs.domain}
+          '';
+
           services.keycloak = {
             enable = true;
             inherit frontendUrl initialAdminPassword;
+            sslCertificate = certs.${certs.domain}.cert;
+            sslCertificateKey = certs.${certs.domain}.key;
             database = {
               type = databaseType;
               username = "bogus";
               passwordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH";
             };
           };
+
           environment.systemPackages = with pkgs; [
             xmlstarlet
             libtidy