The reason for this bug is that the function setCertificateKeystoreFile(String certificateKeystoreFile), which is defined in SSLHostConfigCertificate.java, is never called. So the property certificateKeystoreFile will always be the default value of DEFAULT_KEYSTORE_FILE, and thus the customized SSL file is never loaded.
Here is the definition of applySslBundle in Spring Boot 3.5.5:
    private void applySslBundle(AbstractHttp11Protocol<?> protocol, SSLHostConfig sslHostConfig, SslBundle sslBundle) {
        SslBundleKey key = sslBundle.getKey();
        SslStoreBundle stores = sslBundle.getStores();
        SslOptions options = sslBundle.getOptions();
        sslHostConfig.setSslProtocol(sslBundle.getProtocol());
        SSLHostConfigCertificate certificate = new SSLHostConfigCertificate(sslHostConfig, Type.UNDEFINED);
        String keystorePassword = (stores.getKeyStorePassword() != null) ? stores.getKeyStorePassword() : "";
        certificate.setCertificateKeystorePassword(keystorePassword);
        if (key.getPassword() != null) {
            certificate.setCertificateKeyPassword(key.getPassword());
        }
        if (key.getAlias() != null) {
            certificate.setCertificateKeyAlias(key.getAlias());
        }
        sslHostConfig.addCertificate(certificate);
        if (options.getCiphers() != null) {
            String ciphers = StringUtils.arrayToCommaDelimitedString(options.getCiphers());
            sslHostConfig.setCiphers(ciphers);
        }
        configureSslStores(sslHostConfig, certificate, stores);
        configureEnabledProtocols(sslHostConfig, options);
    }
Probably the value of certificateKeystoreFile should be set somewhere in this function. Please fix this bug in future releases. Thanks!
Comment From: bclozel
In its current form, this issue is not really helpful. Rather than sharing an incomplete analysis, can you share a minimal sample application that reproduces the problem? You can find some guidance here if needed.
Thanks!
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: spring-projects-issues
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.