Enterprise Java

How to configure an SSL Certificate with Play Framework for https

sslI spent hours try­ing to get this to work, and in the end, then prob­lem was that I did not gen­er­ate the CSR (Cer­tifi­cate Request) myself with the keytool.

I kept get­ting this error when I tried access­ing Play with https:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

The prob­lem ended up being that the key­store I cre­ated and imported the SSL cer­tifi­cate into did not have the pub­lic key that was used for the CSR (cer­tifi­cate request).

So here it the quick ver­sion of gen­er­at­ing an SSL Cer­tifi­cate with godaddy​.com and installing it with Play Frame­work 2.1+.

  1. Fol­low these instruc­tions from godaddy​.com to gen­er­ate the CSR like this:

    First gen­er­ate the key pair like this:

    keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

    Then gen­er­ate the CSR:

    keytool -certreq -alias tomcat -file csr.txt -keystore tomcat.keystore
  2. Use the CSR to apply for certificate
  3. Add the Inter­me­di­ate Cer­tifi­cate Bun­dle and the Cer­tifi­cate that were gen­er­ated to your key­store.
    NOTE: make sure this is the same key­store that you gen­er­ated the pri­vate key in, in step 1!

    keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_bundle.crt
    keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file mycert.crt

    (Replace mycert.crt with the file name and loca­tion of the new GoDaddy certificate)

  4. Finally, fol­low­ing the instruc­tions for con­fig­ur­ing https with Play 2.1+ ( http://​www​.playframe​work​.com/​d​o​c​u​m​e​n​t​a​t​i​o​n​/​2​.​2​.​1​/​C​o​n​f​i​g​u​r​i​n​g​H​t​tps ) which had already worked great with the self gen­er­ated key, I cre­ated a shell script for start­ing Play with the cor­rect parameters:
    # script for starting play in production with SSL and the keystore
    target/start -Dhttps.port=443 -Dhttps.keyStore=/Users/bp/mypath/tomcat.keystore -Dhttps.keyStorePassword=itl80809

Note: you need to do a “play dist” before­hand, so that the cur­rent Soft­ware is com­piled into a dis­tri­b­u­tion in the tar­get subdirectory.
 

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Back to top button