"Forbidden" error when loading Archive UI using keycloak security

[chensongqin]

I've set up a test server with secure archive following the instructions here: https://github.com/dcm4che/dcm4chee-arc-light/wiki/Run-secured-archive-services-on-a-single-host, using pretty much the same configuration other than for host names, etc. Using the keycloak console at https://<host_name>:8843, I can configure the archive client and edit users for that client, including managing users at https://<host_name>:8843/realms/dcm4che/account/ after logging in. However, whenever I try to access the archive UI at https://<host_name>:8443/dcm4chee-arc/ui2, I get a "Forbidden" message.
When I checked Wildfly logging in the arc docker container, I saw this error:

Is this due to arc not being able to access the keycloak server correctly?
Looking through some old questions on this forum, I tried checking if the arc docker container can access the keycloak container. Inside that container, when I use curl https://keycloak:8843, I get the following response:

It looks like the complaint is about the out-of-date certificate used by the keycloak container. Am I right about assuming this? If I updated keycloak to use a new valid certificate, will this fix that error?
Thank you in advance for any information.