mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Document that PKCS8 PEM files should be used whenever possible
Closes gh-37170
parent
36629df416
commit
ff2fc95daf
@ -195,6 +195,26 @@ The following example shows setting SSL properties using a Java KeyStore file:
|
||||
key-password: "another-secret"
|
||||
----
|
||||
|
||||
Using configuration such as the preceding example means the application no longer supports a plain HTTP connector at port 8080.
|
||||
Spring Boot does not support the configuration of both an HTTP connector and an HTTPS connector through `application.properties`.
|
||||
If you want to have both, you need to configure one of them programmatically.
|
||||
We recommend using `application.properties` to configure HTTPS, as the HTTP connector is the easier of the two to configure programmatically.
|
||||
|
||||
|
||||
|
||||
[[howto.webserver.configure-ssl.pem-files]]
|
||||
==== Using PEM-encoded files
|
||||
You can use PEM-encoded files instead of Java KeyStore files.
|
||||
You should use PKCS#8 key files wherever possible.
|
||||
PEM-encoded PKCS#8 key files start with a `-----BEGIN PRIVATE KEY-----` or `-----BEGIN ENCRYPTED PRIVATE KEY-----` header.
|
||||
|
||||
If you have files in other formats, e.g., PKCS#1 (`-----BEGIN RSA PRIVATE KEY-----`) or SEC 1 (`-----BEGIN EC PRIVATE KEY-----`), you can convert them to PKCS#8 using OpenSSL:
|
||||
|
||||
[source,shell,indent=0,subs="verbatim,attributes"]
|
||||
----
|
||||
openssl pkcs8 -topk8 -nocrypt -in <input file> -out <output file>
|
||||
----
|
||||
|
||||
The following example shows setting SSL properties using PEM-encoded certificate and private key files:
|
||||
|
||||
[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
|
||||
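Review bot: The conversion command in the new PEM section uses `-nocrypt`, so the PKCS#8 file it writes holds the private key unencrypted, and the text does not say so even though it lists `-----BEGIN ENCRYPTED PRIVATE KEY-----` as an accepted header a few lines earlier. Suggest adding a sentence that `-nocrypt` produces an unencrypted key file whose permissions need to be restricted, and mentioning that omitting `-nocrypt` makes OpenSSL prompt for a passphrase and write an encrypted PKCS#8 key instead. A one-line reason behind "You should use PKCS#8 key files wherever possible" would also help readers decide whether they need to convert.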
@ -209,11 +229,6 @@ The following example shows setting SSL properties using PEM-encoded certificate
|
||||
|
||||
See {spring-boot-module-code}/web/server/Ssl.java[`Ssl`] for details of all of the supported properties.
|
||||
|
||||
Using configuration such as the preceding example means the application no longer supports a plain HTTP connector at port 8080.
|
||||
Spring Boot does not support the configuration of both an HTTP connector and an HTTPS connector through `application.properties`.
|
||||
If you want to have both, you need to configure one of them programmatically.
|
||||
We recommend using `application.properties` to configure HTTPS, as the HTTP connector is the easier of the two to configure programmatically.
|
||||
|
||||
|
||||
|
||||
[[howto.webserver.configure-http2]]
|
||||
|
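Review bot: With the HTTP/HTTPS connector paragraph removed from after the `Ssl` reference, the PEM section now ends without the note that the plain HTTP connector at port 8080 is no longer available, and the relocated copy says "the preceding example", which now points only at the Java KeyStore example. Suggest rewording the relocated paragraph so it clearly covers both configurations, for instance "Using either a Java KeyStore or PEM-encoded files as shown in this section means ...", or adding a short pointer to it from the PEM section.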