I would like to set HTTPS only for my application. For that, I'm using LetsEncrypt to generate my certificate and to be my CA.

LetsEncrypt generated these files for me:

root@myapp:/opt/letsencrypt# ll /etc/letsencrypt/live/myapp.company.coms/
total 8
drwxr-xr-x 2 root root 4096 Feb 19 15:46 ./
drwx------ 3 root root 4096 Feb 19 15:46 ../
lrwxrwxrwx 1 root root   47 Feb 19 15:46 cert.pem -> ../../archive/myapp.company.coms/cert1.pem
lrwxrwxrwx 1 root root   48 Feb 19 15:46 chain.pem -> ../../archive/myapp.company.coms/chain1.pem
lrwxrwxrwx 1 root root   52 Feb 19 15:46 fullchain.pem -> ../../archive/myapp.company.coms/fullchain1.pem
lrwxrwxrwx 1 root root   50 Feb 19 15:46 privkey.pem -> ../../archive/myapp.company.coms/privkey1.pem

Reading Play 2 Framework documentation, they say this:

https.keyStore - The path to the keystore containing the private key and certificate, if not provided generates a keystore for you
https.keyStoreType - The key store type, defaults to JKS
https.keyStorePassword - The password, defaults to a blank password
https.keyStoreAlgorithm - The key store algorithm, defaults to the platforms default algorithm

An example of using these properties might be:

./start -Dhttps.port=9443 -Dhttps.keyStore=/path/to/keystore -Dhttps.keyStorePassword=changeme

Now that I have the key and the certificate generated by LetsEncrypt, how can I generate my keystore to be used by Play 2 Framework?

Valter Silva
  • Did you ever figure this out? – Chris Jun 12 '16 at 15:36
  • Here is the answer to your question: http://stackoverflow.com/questions/38339977/how-to-configure-a-play-application-to-use-lets-encrypt-certificate – Jan Jul 15 '16 at 16:16
  • https://www.ravinderpayal.com/Free-SSL-Certificate-play-framework/ – Ravinder Payal Jul 20 '19 at 11:04
  • Possible duplicate of [How to configure a Play application to use Let's Encrypt certificate?](https://stackoverflow.com/questions/38339977/how-to-configure-a-play-application-to-use-lets-encrypt-certificate) – Ravinder Payal Jul 20 '19 at 11:06

1 Answer

If you need PKCS12 type (language-neutral way to store encrypted private keys and certificates):

openssl pkcs12 -export -in ../../archive/myapp.company.coms/fullchain1.pem \
    -inkey ../../archive/myapp.company.coms/privkey1.pem \
    -out ../../archive/myapp.company.coms/keystore.p12 \
    -CAfile ../../archive/myapp.company.coms/cert1.pem \
    -caname root

(enter your preferred password 2 times or you can use parameter -passout pass:your_password)

Your pkcs12 will be located here: ../../archive/myapp.company.coms/keystore.p12
In your application use: https.keyStoreType=PKCS12

If you need JKS then:
1. Make pkcs12 (as described above)
2. Use:

keytool -importkeystore -srckeystore ../../archive/myapp.company.coms/keystore.p12 \
    -srcstoretype pkcs12 \
    -destkeystore ../../archive/myapp.company.coms/cert.jks \
    -deststoretype jks

(enter your preferred password 2 times or you can use parameter -storepass your_password)
(enter your password which you use for pkcs12 or you can use parameter -srcstorepass your_password)

Your jks will be located here: ../../archive/myapp.company.coms/cert.jks
In your application use: https.keyStoreType=JKS

Oleksandr
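
The PKCS12 step from the answer above, scripted so the keystore can be checked before Play is pointed at it. This is an added example, not part of the original answer; the function names, the `play` alias and the self-signed sample pair are assumptions made for the demo. It reads the password from a file rather than from `pass:` or `-storepass` arguments, which are visible in the process list, and creates the keystore owner-only.

```shell
#!/bin/sh
# Added example: PEM -> PKCS12 with checks. Function names and the "play" alias are hypothetical.

# build_keystore FULLCHAIN PRIVKEY OUT_P12 PASSFILE
build_keystore() {
    chain=$1; key=$2; out=$3; passfile=$4
    # Compare the public key of the first (leaf) certificate with the private key's.
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey |
               openssl pkey -pubin -outform DER | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 1; }
    # The keystore contains the private key: create it readable by the owner only.
    # The password comes from a file, so it is not exposed in the process list.
    ( umask 077
      openssl pkcs12 -export -in "$chain" -inkey "$key" -name play \
          -out "$out" -passout "file:$passfile" )
}

# keystore_fingerprint P12 PASSFILE: SHA-256 fingerprint of the leaf certificate in the keystore.
keystore_fingerprint() {
    openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# make_sample_pems DIR: constructed throwaway self-signed pair standing in for
# Let's Encrypt's fullchain.pem and privkey.pem, so the example runs offline.
make_sample_pems() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=myapp.example.test" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# Demo on the constructed pair: build the keystore, then print the fingerprint it holds.
demo=$(mktemp -d)
make_sample_pems "$demo"
printf '%s\n' 'constructed-demo-password' > "$demo/pass"
build_keystore "$demo/fullchain.pem" "$demo/privkey.pem" "$demo/keystore.p12" "$demo/pass" &&
    keystore_fingerprint "$demo/keystore.p12" "$demo/pass"
rm -rf "$demo"
```

The fingerprint printed for the keystore should equal the output of `openssl x509 -noout -fingerprint -sha256` run on the certificate you intend to serve.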