Home » Java » Enterprise Java » How to configure an SSL Certificate with Play Framework for https

About Brian Porter

Brian Porter

How to configure an SSL Certificate with Play Framework for https

sslI spent hours try­ing to get this to work, and in the end, then prob­lem was that I did not gen­er­ate the CSR (Cer­tifi­cate Request) myself with the keytool.

I kept get­ting this error when I tried access­ing Play with https:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

The prob­lem ended up being that the key­store I cre­ated and imported the SSL cer­tifi­cate into did not have the pub­lic key that was used for the CSR (cer­tifi­cate request).

So here it the quick ver­sion of gen­er­at­ing an SSL Cer­tifi­cate with godaddy​.com and installing it with Play Frame­work 2.1+.

  1. Fol­low these instruc­tions from godaddy​.com to gen­er­ate the CSR like this:

    First gen­er­ate the key pair like this:

    keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

    Then gen­er­ate the CSR:

    keytool -certreq -alias tomcat -file csr.txt -keystore tomcat.keystore
  2. Use the CSR to apply for certificate
  3. Add the Inter­me­di­ate Cer­tifi­cate Bun­dle and the Cer­tifi­cate that were gen­er­ated to your key­store.
    NOTE: make sure this is the same key­store that you gen­er­ated the pri­vate key in, in step 1!

    keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_bundle.crt
    keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file mycert.crt

    (Replace mycert.crt with the file name and loca­tion of the new GoDaddy certificate)

  4. Finally, fol­low­ing the instruc­tions for con­fig­ur­ing https with Play 2.1+ ( http://​www​.playframe​work​.com/​d​o​c​u​m​e​n​t​a​t​i​o​n​/​2​.​2​.​1​/​C​o​n​f​i​g​u​r​i​n​g​H​t​tps ) which had already worked great with the self gen­er­ated key, I cre­ated a shell script for start­ing Play with the cor­rect parameters:
    # script for starting play in production with SSL and the keystore
    target/start -Dhttps.port=443 -Dhttps.keyStore=/Users/bp/mypath/tomcat.keystore -Dhttps.keyStorePassword=itl80809

Note: you need to do a “play dist” before­hand, so that the cur­rent Soft­ware is com­piled into a dis­tri­b­u­tion in the tar­get subdirectory.

(0 rating, 0 votes)
You need to be a registered member to rate this.
Start the discussion Views Tweet it!
Do you want to know how to develop your skillset to become a Java Rockstar?
Subscribe to our newsletter to start Rocking right now!
To get you started we give you our best selling eBooks for FREE!
1. JPA Mini Book
2. JVM Troubleshooting Guide
3. JUnit Tutorial for Unit Testing
4. Java Annotations Tutorial
5. Java Interview Questions
6. Spring Interview Questions
7. Android UI Design
and many more ....
Email address:

Leave a Reply

Be the First to Comment!

Notify of