PEM

SSL/TLS in Java is a pain in the behind. Not only is the setup verbose, but the format for certificates and keys is unique. Nginx/Apache/Go/etc seem to be happy using certifiates and keys encoded as PEM files, but Java has its own special KeyStores, with the JKS format being the default. There are a number of questions on forums, and custom recipes that involve openssl, to convert PEM certificates and keys into formats that can be imported into a Java keystore....