From f6910bae1679d1a6bd3c3445305a77d09ef89d76 Mon Sep 17 00:00:00 2001 From: Phillip Webb Date: Sun, 5 Nov 2023 13:36:38 -0800 Subject: [PATCH] Document that PEM content can be used directly in application.yaml Closes gh-38210 --- .../src/docs/asciidoc/features/ssl.adoc | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/features/ssl.adoc b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/features/ssl.adoc index 5f15b9720b89..b5ffd5de590a 100644 --- a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/features/ssl.adoc +++ b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/features/ssl.adoc @@ -77,6 +77,33 @@ When used to secure a client-side connection, a `truststore` is typically config certificate: "classpath:server.crt" ---- +[TIP] +==== +PEM content can be used directly for both the `certificate` and `private-key` properties. +If the property values contains `BEGIN` and `END` markers then they will be treated as PEM content rather than a resource location. + +The following example shows how a truststore certificate can be defined: + +[source,yaml,indent=0,subs="verbatim",configblocks] +---- + spring: + ssl: + bundle: + pem: + mybundle: + truststore: + certificate: | + -----BEGIN CERTIFICATE----- + MIID1zCCAr+gAwIBAgIUNM5QQv8IzVQsgSmmdPQNaqyzWs4wDQYJKoZIhvcNAQEL + BQAwezELMAkGA1UEBhMCWFgxEjAQBgNVBAgMCVN0YXRlTmFtZTERMA8GA1UEBwwI + ... + V0IJjcmYjEZbTvpjFKznvaFiOUv+8L7jHQ1/Yf+9c3C8gSjdUfv88m17pqYXd+Ds + HEmfmNNjht130UyjNCITmLVXyy5p35vWmdf95U3uEbJSnNVtXH8qRmN9oK9mUpDb + ngX6JBJI7fw7tXoqWSLHNiBODM88fUlQSho8 + -----END CERTIFICATE----- +---- +==== + See {spring-boot-autoconfigure-module-code}/ssl/PemSslBundleProperties.java[PemSslBundleProperties] for the full set of supported properties.