you can refer to the first tip docs.spring.io/spring-boot/reference/features/ssl.html

thank dude for encouraging 😉!

I haven't encountered this error, and the official documentation of openssl also doesn't specify clearly the default symmetric encryption(AES, DES) is used to encrypt the private key. So let's divide the 1 line openssl above to smaller steps, to create a AES encrypted key first then generate a certificate with it: openssl genrsa -out server_rsa.key 2048 openssl pkcs8 -topk8 -inform PEM -in server_rsa.key -outform PEM -out server.key -v2 aes-256-cbc -passout pass:123456 openssl req -new -key server.key -out server.csr -subj "/CN=localhost" -passin pass:123456 openssl x509 -req -in server.csr -days 365 -sha256 -signkey server.key -out server.crt -passin pass:123456 After running 4 commands, you will end up with server.key and server.crt as they're needed in the yaml file.

thanks, you could be true, some internal services run in internal network might be potential use-cases.