poornerd

my thoughts on programming and other nerdy stuff

How to configure an SSL Certificate with Play Framework for https

| 0 comments

sslI spent hours try­ing to get this to work, and in the end, then prob­lem was that I did not gen­er­ate the CSR (Cer­tifi­cate Request) myself with the keytool.

I kept get­ting this error when I tried access­ing Play with https:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

The prob­lem ended up being that the key­store I cre­ated and imported the SSL cer­tifi­cate into did not have the pub­lic key that was used for the CSR (cer­tifi­cate request).

So here it the quick ver­sion of gen­er­at­ing an SSL Cer­tifi­cate with godaddy​.com and installing it with Play Frame­work 2.1+.

1. Fol­low these instruc­tions from godaddy​.com to gen­er­ate the CSR like this:
First gen­er­ate the key pair like this:

keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

Then gen­er­ate the CSR:

keytool -certreq -alias tomcat -file csr.txt -keystore tomcat.keystore

2. Use the CSR to apply for certificate

3. Add the Inter­me­di­ate Cer­tifi­cate Bun­dle and the Cer­tifi­cate that were gen­er­ated to your key­store.
NOTE: make sure this is the same key­store that you gen­er­ated the pri­vate key in, in step 1!

keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_bundle.crt
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file mycert.crt

(Replace mycert.crt with the file name and loca­tion of the new GoDaddy certificate)

4. Finally, fol­low­ing the instruc­tions for con­fig­ur­ing https with Play 2.1+ ( http://​www​.playframe​work​.com/​d​o​c​u​m​e​n​t​a​t​i​o​n​/​2​.​2​.​1​/​C​o​n​f​i​g​u​r​i​n​g​H​t​tps ) which had already worked great with the self gen­er­ated key, I cre­ated a shell script for start­ing Play with the cor­rect parameters:

# script for starting play in production with SSL and the keystore
target/start -Dhttps.port=443 -Dhttps.keyStore=/Users/bp/mypath/tomcat.keystore -Dhttps.keyStorePassword=itl80809

Note: you need to do a “play dist” before­hand, so that the cur­rent Soft­ware is com­piled into a dis­tri­b­u­tion in the tar­get subdirectory.

If you have read this far, you may as well fol­low me on Twit­ter:

Author: poornerd

Tech­nol­o­gist, Entre­pre­neur, Vision­ary, Pro­gram­mer :: Grad­u­ated from USC (Uni­ver­sity of South­ern Cal­i­for­nia) with a degree in Com­puter Sci­ence. After 10+ years of free­lance con­sult­ing and pro­gram­ming, he co-founded Site­Force AG eBusi­ness Solu­tions in 1999 in Munich (München), Ger­many.

Leave a Reply

Required fields are marked *.