diff --git a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/webserver.adoc b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/webserver.adoc index 6975d8ffbc..1afb8d279d 100644 --- a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/webserver.adoc +++ b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/webserver.adoc @@ -195,6 +195,26 @@ The following example shows setting SSL properties using a Java KeyStore file: key-password: "another-secret" ---- +Using configuration such as the preceding example means the application no longer supports a plain HTTP connector at port 8080. +Spring Boot does not support the configuration of both an HTTP connector and an HTTPS connector through `application.properties`. +If you want to have both, you need to configure one of them programmatically. +We recommend using `application.properties` to configure HTTPS, as the HTTP connector is the easier of the two to configure programmatically. + + + +[[howto.webserver.configure-ssl.pem-files]] +==== Using PEM-encoded files +You can use PEM-encoded files instead of Java KeyStore files. +You should use PKCS#8 key files wherever possible. +PEM-encoded PKCS#8 key files start with a `-----BEGIN PRIVATE KEY-----` or `-----BEGIN ENCRYPTED PRIVATE KEY-----` header. + +If you have files in other formats, e.g., PKCS#1 (`-----BEGIN RSA PRIVATE KEY-----`) or SEC 1 (`-----BEGIN EC PRIVATE KEY-----`), you can convert them to PKCS#8 using OpenSSL: + +[source,shell,indent=0,subs="verbatim,attributes"] +---- +openssl pkcs8 -topk8 -nocrypt -in -out +---- + The following example shows setting SSL properties using PEM-encoded certificate and private key files: [source,yaml,indent=0,subs="verbatim",configprops,configblocks] @@ -219,11 +239,6 @@ Alternatively, the SSL trust material can be configured in an <