TLS reference guide IDs' unification #43315

Merged
merged 1 commit into from
Sep 16, 2024
11 changes: 5 additions & 6 deletions docs/src/main/asciidoc/tls-registry-reference.adoc
Expand Up @@ -25,7 +25,7 @@
As a result, applications that use the TLS Registry can be ready to handle secure communications out of the box.
TLS Registry also provides features like automatic certificate reloading, Let's Encrypt (ACME) integration, Kubernetes Cert-Manager support, and compatibility with various keystore formats, such as PKCS12, PEM, and JKS.

[#using-the-tls-registry]
[[using-the-tls-registry]]
== Using the TLS registry

To configure a TLS connection, including key and truststores, use the `+quarkus.tls.*+` properties.
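
Review bot: No rationale is recorded for preferring `[[using-the-tls-registry]]` over `[#using-the-tls-registry]` above `== Using the TLS registry`; both spellings carry the same ID string, so a reader of the diff cannot tell which form the guide expects. A one-line note in the commit message or the docs contribution guide would keep the `[#...]` form from being reintroduced in later edits.
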
Expand Down Expand Up @@ -126,7 +126,7 @@
+
This configuration enables mTLS by ensuring that both the server and client validate each other's certificates, which provides an additional layer of security.

[#referencing-a-tls-configuration]
[[referencing-a-tls-configuration]]
== Referencing a TLS configuration

To reference an example _named_ configuration that you created by using the `quarkus.tls.<name>.*` properties as explained in <<using-the-tls-registry>>
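
Review bot: The `<<using-the-tls-registry>>` cross-reference in the sentence under `== Referencing a TLS configuration` only keeps working because the ID string in the first hunk is unchanged, so the rename should be verified rather than assumed. Running the doc build with unresolved cross-reference warnings enabled would confirm that each converted ID still resolves wherever it is referenced.
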
Expand Down Expand Up @@ -255,12 +255,12 @@
----
+
* Alternatively, use SNI to select the appropriate certificate and private key.
Note that all keys must use the same password.

Check warning on line 258 in docs/src/main/asciidoc/tls-registry-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.Fluff] Depending on the context, consider using 'Be concise: rewrite the sentence to not use' rather than 'Note that'. Raw Output: {"message": "[Quarkus.Fluff] Depending on the context, consider using 'Be concise: rewrite the sentence to not use' rather than 'Note that'.", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 258, "column": 1}}}, "severity": "INFO"}

[#sni]
[[sni]]
==== SNI

Check warning on line 261 in docs/src/main/asciidoc/tls-registry-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.Headings] Use sentence-style capitalization in '3.1.4. SNI'. Raw Output: {"message": "[Quarkus.Headings] Use sentence-style capitalization in '3.1.4. SNI'.", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 261, "column": 1}}}, "severity": "INFO"}

Check warning on line 261 in docs/src/main/asciidoc/tls-registry-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.HeadingPunctuation] Do not use end punctuation in headings. Raw Output: {"message": "[Quarkus.HeadingPunctuation] Do not use end punctuation in headings.", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 261, "column": 1}}}, "severity": "INFO"}

Server Name Indication (SNI) is a TLS extension that makes it possible for a client to specify the host name to which it attempts to connect during the TLS handshake.

Check warning on line 263 in docs/src/main/asciidoc/tls-registry-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.TermsWarnings] Consider using 'hostname' rather than 'host name' unless updating existing content that uses the term. Raw Output: {"message": "[Quarkus.TermsWarnings] Consider using 'hostname' rather than 'host name' unless updating existing content that uses the term.", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 263, "column": 100}}}, "severity": "WARNING"}

Check warning on line 263 in docs/src/main/asciidoc/tls-registry-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.TermsSuggestions] Depending on the context, consider using ', which (non restrictive clause preceded by a comma)' or 'that (restrictive clause without a comma)' rather than 'which'. Raw Output: {"message": "[Quarkus.TermsSuggestions] Depending on the context, consider using ', which (non restrictive clause preceded by a comma)' or 'that (restrictive clause without a comma)' rather than 'which'.", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 263, "column": 112}}}, "severity": "INFO"}
SNI enables a server to present different TLS certificates for multiple domains on a single IP address, which facilitates secure communication for virtual hosting scenarios.

To enable SNI:
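
Review bot: The WARNING-level Vale finding on line 263 ('host name' rather than 'hostname' in the SNI definition) sits on an unchanged context line right below the `[[sni]]` anchor and is cheap to fix in the same pass, as is the INFO-level 'Note that' finding on line 258. The two heading findings on line 261 quote '3.1.4. SNI', which suggests they react to the section number rather than to the `==== SNI` heading text, so they look like candidates for a linter exception instead of a text change.
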
Expand Down Expand Up @@ -585,7 +585,7 @@

If any of these checks fail, the application will not start.

[#reloading-certificates]
[[reloading-certificates]]
== Reloading certificates

The `TlsConfiguration` obtained from the `TLSConfigurationRegistry` includes a mechanism for reloading certificates.
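
Review bot: The context line under `== Reloading certificates` spells the two types with different casing, `TlsConfiguration` and `TLSConfigurationRegistry`. Check the registry type name against the API and align it while this section is being touched, since readers copy these names into code.
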
Expand Down Expand Up @@ -1267,12 +1267,11 @@

====

[[lets-encrypt-prepare]]

The challenge is served from the primary HTTP interface (accessible from your DNS domain name).

Check warning on line 1270 in docs/src/main/asciidoc/tls-registry-reference.adoc

GitHub Actions / Linting with Vale

[vale] reported by reviewdog 🐶 [Quarkus.CaseSensitiveTerms] Use 'management console' rather than 'HTTP interface'. Raw Output: {"message": "[Quarkus.CaseSensitiveTerms] Use 'management console' rather than 'HTTP interface'.", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 1270, "column": 42}}}, "severity": "INFO"}

IMPORTANT: Do not start your application yet.

[[lets-encrypt-prepare]]
=== Application preparation

Before you request a Let's Encrypt certificate:
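
Review bot: With `[[lets-encrypt-prepare]]` now directly above `=== Application preparation`, links to that ID land on the heading and skip the paragraph about where the challenge is served and the `IMPORTANT: Do not start your application yet.` admonition, both of which the earlier placement included. Confirm that every `<<lets-encrypt-prepare>>` reference is meant to point at the preparation steps, and that a reader arriving through such a link still sees the admonition before acting on them.
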