diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
index da2d988b248e8..5c548d5e348b8 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
@@ -270,6 +270,14 @@ public Optional getLeafCertificateName() {
 public void setLeafCertificateName(String leafCertificateName) {
 this.leafCertificateName = Optional.of(leafCertificateName);
 }
+
+ public Optional getTrustStorePassword() {
+ return trustStorePassword;
+ }
+
+ public void setTrustStorePassword(String trustStorePassword) {
+ this.trustStorePassword = Optional.ofNullable(trustStorePassword);
+ }
 }
 /**
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CertChainPublicKeyResolver.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CertChainPublicKeyResolver.java
index 069ad2efb7704..133be33ae688c 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CertChainPublicKeyResolver.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CertChainPublicKeyResolver.java
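Review bot: In the OidcTenantConfig.java hunk, the new `setTrustStorePassword` wraps its argument with `Optional.ofNullable`, while `setLeafCertificateName` directly above uses `Optional.of`, and neither new accessor has Javadoc saying which behaviour is intended. A null argument therefore clears the password silently, and the problem only surfaces later when the `CertChainPublicKeyResolver` constructor throws its `ConfigurationException`. I would document the setter with something like `/** Password of the truststore holding the trusted certificate thumbprints; null clears it and the certificate chain resolver then rejects the configuration. */`. Because the value is a secret, it is also worth confirming that the new public getter is not reached by code that logs or serializes the tenant configuration; that cannot be judged from this hunk, and the enclosing nested class starts outside it.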
@@ -22,12 +22,12 @@ public class CertChainPublicKeyResolver implements RefreshableVerificationKeyRes
 final Optional expectedLeafCertificateName;
 public CertChainPublicKeyResolver(CertificateChain chain) {
- if (chain.trustStorePassword.isEmpty()) {
+ if (chain.getTrustStorePassword().isEmpty()) {
 throw new ConfigurationException(
 "Truststore with configured password which keeps thumbprints of the trusted certificates must be present");
 }
 this.thumbprints = TrustStoreUtils.getTrustedCertificateThumbprints(chain.trustStoreFile.get(),
- chain.trustStorePassword.get(), chain.trustStoreCertAlias, chain.getTrustStoreFileType());
+ chain.getTrustStorePassword().get(), chain.trustStoreCertAlias, chain.getTrustStoreFileType());
 this.expectedLeafCertificateName = chain.leafCertificateName;
 }
diff --git a/integration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java b/integration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java
index 615ed87e89670..423221ef0016e 100644
--- a/integration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java
+++ b/integration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/CustomTenantConfigResolver.java
@@ -1,5 +1,6 @@
 package io.quarkus.it.keycloak;
+import java.nio.file.Path;
 import java.time.Duration;
 import java.util.Map;
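Review bot: In the CertChainPublicKeyResolver constructor the guard tests only `chain.getTrustStorePassword().isEmpty()`, yet the following statement calls `chain.trustStoreFile.get()` unconditionally. If `trustStoreFile` is an Optional, as the `.get()` suggests, a tenant assembled in code with a password but no truststore file would fail with a bare NoSuchElementException rather than the ConfigurationException whose message already says the truststore must be present. The guard could read `if (chain.trustStoreFile.isEmpty() || chain.getTrustStorePassword().isEmpty()) {`. For consistency with the accessor now used for the password, `chain.leafCertificateName` could likewise go through `getLeafCertificateName()`.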
@@ -43,6 +44,13 @@ public Uni resolve(RoutingContext context,
 config.getCodeGrant().setExtraParams(Map.of("extra-param", "extra-param-value"));
 config.getAuthentication().setInternalIdTokenLifespan(Duration.ofSeconds(301));
 return Uni.createFrom().item(config);
+ } else if (path.endsWith("bearer-certificate-full-chain-root-only")) {
+ OidcTenantConfig config = new OidcTenantConfig();
+ config.setTenantId("bearer-certificate-full-chain-root-only");
+ config.getCertificateChain().setTrustStoreFile(Path.of("truststore-rootcert.p12"));
+ config.getCertificateChain().setTrustStorePassword("storepassword");
+ config.getCertificateChain().setLeafCertificateName("www.quarkustest.com");
+ return Uni.createFrom().item(config);
 }
 return Uni.createFrom().nullItem();
diff --git a/integration-tests/oidc-wiremock/src/main/resources/application.properties b/integration-tests/oidc-wiremock/src/main/resources/application.properties
index 2354a3d3b9602..00f2a2d0ec7db 100644
--- a/integration-tests/oidc-wiremock/src/main/resources/application.properties
+++ b/integration-tests/oidc-wiremock/src/main/resources/application.properties
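Review bot: The new `bearer-certificate-full-chain-root-only` branch in CustomTenantConfigResolver has no comment explaining why this one tenant is built in code while its `-wrongcname` sibling stays in application.properties. If the purpose is to cover the new programmatic setter, a line such as `// Configured in code to exercise CertificateChain.setTrustStorePassword; the other certificate-chain tenants stay in application.properties` would save the next reader the search. The tenant id literal is also repeated in `endsWith(...)` and `setTenantId(...)`; a local constant would keep the two in step. The `resolve` method starts and ends outside the hunk.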
@@ -180,10 +180,6 @@ quarkus.oidc.bearer-no-introspection.token.allow-jwt-introspection=false
 quarkus.oidc.bearer-certificate-full-chain.certificate-chain.trust-store-file=truststore.p12
 quarkus.oidc.bearer-certificate-full-chain.certificate-chain.trust-store-password=storepassword
-quarkus.oidc.bearer-certificate-full-chain-root-only.certificate-chain.trust-store-file=truststore-rootcert.p12
-quarkus.oidc.bearer-certificate-full-chain-root-only.certificate-chain.trust-store-password=storepassword
-quarkus.oidc.bearer-certificate-full-chain-root-only.certificate-chain.leaf-certificate-name=www.quarkustest.com
-
 quarkus.oidc.bearer-certificate-full-chain-root-only-wrongcname.certificate-chain.trust-store-file=truststore-rootcert.p12
 quarkus.oidc.bearer-certificate-full-chain-root-only-wrongcname.certificate-chain.trust-store-password=storepassword
 quarkus.oidc.bearer-certificate-full-chain-root-only-wrongcname.certificate-chain.leaf-certificate-name=www.quarkusio.com