Home » Java » Enterprise Java » How to configure an SSL Certificate with Play Framework for https

About Brian Porter

How to configure an SSL Certificate with Play Framework for https

sslI spent hours try­ing to get this to work, and in the end, then prob­lem was that I did not gen­er­ate the CSR (Cer­tifi­cate Request) myself with the keytool.

I kept get­ting this error when I tried access­ing Play with https:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

The prob­lem ended up being that the key­store I cre­ated and imported the SSL cer­tifi­cate into did not have the pub­lic key that was used for the CSR (cer­tifi­cate request).

So here it the quick ver­sion of gen­er­at­ing an SSL Cer­tifi­cate with godaddy​.com and installing it with Play Frame­work 2.1+.

  1. Fol­low these instruc­tions from godaddy​.com to gen­er­ate the CSR like this:

    First gen­er­ate the key pair like this:

    keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

    Then gen­er­ate the CSR:

    keytool -certreq -alias tomcat -file csr.txt -keystore tomcat.keystore
  2. Use the CSR to apply for certificate
  3. Add the Inter­me­di­ate Cer­tifi­cate Bun­dle and the Cer­tifi­cate that were gen­er­ated to your key­store.
    NOTE: make sure this is the same key­store that you gen­er­ated the pri­vate key in, in step 1!

    keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_bundle.crt
    keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file mycert.crt

    (Replace mycert.crt with the file name and loca­tion of the new GoDaddy certificate)

  4. Finally, fol­low­ing the instruc­tions for con­fig­ur­ing https with Play 2.1+ ( http://​www​.playframe​work​.com/​d​o​c​u​m​e​n​t​a​t​i​o​n​/​2​.​2​.​1​/​C​o​n​f​i​g​u​r​i​n​g​H​t​tps ) which had already worked great with the self gen­er­ated key, I cre­ated a shell script for start­ing Play with the cor­rect parameters:
    # script for starting play in production with SSL and the keystore
    target/start -Dhttps.port=443 -Dhttps.keyStore=/Users/bp/mypath/tomcat.keystore -Dhttps.keyStorePassword=itl80809

Note: you need to do a “play dist” before­hand, so that the cur­rent Soft­ware is com­piled into a dis­tri­b­u­tion in the tar­get subdirectory.
 

Do you want to know how to develop your skillset to become a Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!

1. JPA Mini Book

2. JVM Troubleshooting Guide

3. JUnit Tutorial for Unit Testing

4. Java Annotations Tutorial

5. Java Interview Questions

6. Spring Interview Questions

7. Android UI Design

and many more ....

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*


6 − three =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Do you want to know how to develop your skillset and become a ...

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!
Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.

THANK YOU!

Close