I have created a new certificate using Let's Encrypt, also, I was able to generate my keystore. Now I'm loading my Play application like this:
activator run -Dspring.profiles.active="dev" -Dhttp.port=disabled -Dhttps.port=9443 -Djavax.net.ssl.keyStore=/home/webapp/play/conf/keystore.jks -Djavax.net.ssl.keyStorePassword="password"
However, Play seems not to read my keystore and keeps generating a new one.
[warn] play - Using generated key with self signed certificate for HTTPS. This should not be used in production.
How can I make Play to read my keystore ?
You don't mention which version of Play you're on, so I'll assume you have Play 2.4.6.
Configuring SSL is documented in https://www.playframework.com/documentation/2.4.x/ConfiguringHttps
The warning you're seeing comes from the DefaultSSLEngineProvider -- the source code is in:
https://github.com/playframework/playframework/blob/2.4.x/framework/src/play-server/src/main/scala/play/core/server/ssl/DefaultSSLEngineProvider.scala#L57
So you can see looking at the documentation, you need to set play.server.https.keyStore.path and so on to configure SSL.
Related
i am currently deploying openstack using OSAD and an error is occurring
Failed to validate the SSL certificate for raw.githubusercontent.com:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended
I have no idea which file i should update with validate_certs=False
This only applies if using a https url as the source of the keys. If set to no, the SSL certificates will not be validated.
This should only set to no used on personally controlled sites using self-signed certificates as it avoids verifying the source site.
Prior to 2.1 the code worked as if this was set to yes.
I guess it depends on the role for which error appeared, for example for haproxy_server SSL error, you should edit a file:
/etc/ansible/roles/haproxy_server/defaults/main.yml
and set:
haproxy_hatop_download_validate_certs: no
So I am trying to setup a test environment for bittorrent file tranfers with SSL protection and I am having some troubles and would need some guidence.
My setup:
PC1: Running opentracker and is acting as the Certificate Authority.
PC2: Running libtorrent example client compiled with support for SLL encryption. Also acts as the publisher of the torrent file.
PC3: Same as PC2 but is not publishing any file.
When I use this setup without SSL torrents everything works as expected. The file gets transferred and if you go into the trackers stats page (trackerip/stats) it shows that 1 torrents is beeing served and there are 2 peers connected.
However, when I use my SSL torrent this is not happening. First of all, no file is being transferred. Second of all the tracker doesn't seem to recognize the torrent file i.e the tracker tells me it is currently not serving any torrents.
What could be wrong with my setup? And how do I start troubleshooting this?
Could it be that the tracker have to support HTTPS? Maybe I can't use open tracker. Do anyone have experience with this?
It is very likely that something is missing in the torrent file, but should I not be getting any errors in that case?
I am using the libtorrent example project "make_torrent" to make my ssl torrent and when I inspect it, it contains my certificate.
EDIT:
So a big part of my problem I assume is that I have zero experience from working with SSL stuff. So this is probably where I fail. I have read through both http://www.libtorrent.org/manual-ref.html#ssl-torrents and http://blog.libtorrent.org/2012/01/bittorrent-over-ssl/
and I am not sure I fully understand it.
I will try to explain how I have interpreted it and you guys can explain why I am wrong :) .
My interpretation:
The publisher of the torrent will include a x509 certificate signed with the publishers private key.
When a peer receives this torrent it will use the publishers public key (installed at an earlier time) to verify it's authenticity.
If everything is OK, the peer will generate a Certificate Signing Request and sign it with the peers private key and then send it to the publisher who signs it and returns a certificate. This is then the certificate that the peer will present to other peers.
Is this correct?
I've spent the better part of this afternoon trying to figure out how to implement SSL/TLS support directly in the Play Framework 2.1 web server without having to use a front end proxy, to no avail. I have all of my certificates signed by a CA and I'm told Play 2.1 supports SSL, but am lost on the configuration options to use in application.conf to set this up. There doesn't appear to be a clear answer out there in the documentation.
Couple questions:
Do I HAVE to convert my .crt and .key files to a .jks file (Java keystore) or can I use them as-is?
If I have to import to the Java keystore, can someone provide some insight into how this is done? I have seen a lot of conflicting documentation on this.
What are the configuration options in the Play Framework 2.1.x application.conf to set this up?
As I stated before, I could not find any clear answers after a couple hours of Googling, so I figured I better ask here. Also, I want to reiterate - I DO NOT want to use a front-end web server like Apache for specific reasons, so I am looking ONLY to set up SSL/TLS support directly in Play.
EDIT:
I have found this thread: http://grokbase.com/t/gg/play-framework/1326s1ttny/2-1-ssl but I can't get any of it to work still. Not sure if I'm created the JKS file correctly by combining all of my bundled CRT files AND the private key into a single file then importing and I'm not sure what I should use for the "path to keystore".
We are trying to use composite templates (fillable PDFs) and embedded signing using the REST API. We are using the docusign_rest gem in conjuction with our custom code to create composite templates and embedded signing. The docusign_rest gem is used for authentication and is giving the following error:
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
On the local dev machine, we simply provided path to a certificate file at the time of starting the dev server, but on a remote machine this is not feasible.
Is it possible to skip the SSL check for a demo purpose? This SO link seems to suggest that it is possible. If yes, then how can we achieve that?
If not, then is there a quick way to fix it or do we have to install SSL certificates and configure the server to read those?
We are using ruby 1.9.3 , rails 3.2.11 and Apache2 (so that would mean enabling the SSL module).
I believe for demo (demo.docusign.net) you can use https OR http. What happens if you simply use http? Does that resolve your SSL error?
In either case, you'll eventually need to resolve this though because for production (www.docusign.net) you need to use https. The problem is most likely in your Ruby code or with your certificate. For testing purposes I'd try making a cURL request through the command line to see if that works.
See here for some examples of making DocuSign REST API calls using cURL
Im trying to use client ssl certificate in JMeter to authenticate on website. The problem is that when i try to import it in SSL Manager, im not getting any message for password, anything. In configuration i've written:
user.classpath=/home/m/Downloads/jre-1.7.0_09/usr/java/jre1.7.0_09/lib/
ssl.provider=com.sun.net.ssl.internal.ssl.Provider
I've added user.classpath because jsse.jar stands there, but i think its not necessary. What am i doing wrong?
To test Client Certificates, use this:
Keystore Configuration
Steps are:
Create your certificates either with Java keytool utility or through your PKI
If created by PKI, import your keys in Java Key Store by converting them to a format acceptable by JKS
Then reference the keystore file through the 2 JVM properties :
-Djavax.net.ssl.keyStore=path_to_keystore
-Djavax.net.ssl.keyStorePassword=password_of_keystore
You use either HTTPClient 3.1 or 4 implementations for HTTP Request
To make JMeter use more than one certificate you need to ensure that:
https.use.cached.ssl.context=false
is set in jmeter.properties or user.properties