1

I'm attempting to use SSL with my Playframework 1.2.5 application but can't seem to get it to work.

I have an SSL certificate from GoDaddy. I reference the key & crt files from application.conf as follows:

%prod.https.port=443
%prod.certificate.key.file=conf/hawkanalytics.key
%prod.certificate.file=conf/hawkanalytics.com.crt

However, I'm getting the following error when attempting to access the application:

22:49:33,836 INFO  ~ Listening for HTTPS on port 443 ...
java.lang.NullPointerException
        at play.server.ssl.SslHttpServerContextFactory$PEMKeyManager.<init>(SslHttpServerContextFactory.java:94)
        at play.server.ssl.SslHttpServerContextFactory$PEMKeyManager.<clinit>(SslHttpServerContextFactory.java:79)
        at play.server.ssl.SslHttpServerContextFactory.<clinit>(SslHttpServerContextFactory.java:47)
        at play.server.ssl.SslHttpServerPipelineFactory.getPipeline(SslHttpServerPipelineFactory.java:29)
        at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink$Boss.registerAcceptedChannel(NioServerSocketPipelineSink.java:274)
        at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink$Boss.run(NioServerSocketPipelineSink.java:239)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:102)
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:679)
22:49:43,372 ERROR ~
java.lang.NullPointerException
        at play.server.ssl.SslHttpServerContextFactory$PEMKeyManager.<init>(SslHttpServerContextFactory.java:94)
        at play.server.ssl.SslHttpServerContextFactory$PEMKeyManager.<clinit>(SslHttpServerContextFactory.java:79)
        at play.server.ssl.SslHttpServerContextFactory.<clinit>(SslHttpServerContextFactory.java:47)
        at play.server.ssl.SslHttpServerPipelineFactory.getPipeline(SslHttpServerPipelineFactory.java:29)
        at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink$Boss.registerAcceptedChannel(NioServerSocketPipelineSink.java:274)
        at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink$Boss.run(NioServerSocketPipelineSink.java:239)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:102)
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:679)
22:49:43,504 DEBUG ~ Invalid certificate
javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1031)
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:508)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:759)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:727)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:938)
        at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:656)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:317)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:207)
        at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:792)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:352)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:334)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:207)
        at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
        at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:94)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.processSelectedKeys(AbstractNioWorker.java:372)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:246)
        at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:38)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:102)
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:679)
MSquared

3 Answers

2

Check if the ".key" file you are using is RSA PRIVATE KEY or just PRIVATE KEY.

Play framework seems to need RSA PRIVATE KEY with the header "-----BEGIN RSA PRIVATE KEY-----"

To convert: How to convert a private key to an RSA private key?

Community
saviour
1

I got this to work following the directions in the production mode documentation and a free certificate from StartSSL.

To test this locally, add the following entry to your hosts file:

127.0.0.1 my-ssl-domain.com

Next copy the certificate to play-app/conf/host.cert. Now open your key file in a text editor.
If you see a line Proc-Type: 4,ENCRYPTED at the top of your keyfile, it is encrypted. I decrypted mine using the StartSSL web interface, but you should be able to achieve the same from the command line using

openssl rsa -in my_downloaded_ssl_key.key -out play-app/conf/host.key

If your key is unencrypted, you can copy it directly to play-app/conf/host.key.

Finally edit application.conf and add the following lines:

https.port=443
certificate.key.file=conf/host.key
certificate.file=conf/host.cert
certificate.password=my-private-key-password
trustmanager.algorithm=JKS

I tested this in dev mode with sudo play run. I'm using sudo to bind to port 443. You can find better approaches for this particular problem in this answer.

Community
kritzikratzi
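
A pre-flight check for the two key-format points raised in the answers above (the "RSA PRIVATE KEY" header and the "Proc-Type: 4,ENCRYPTED" line), added here as an example and not taken from the posts or from Play itself. The function names and sample files are constructed for illustration; the requirement for an unencrypted "RSA PRIVATE KEY" file is the answers' claim, and the owner-only permission check is an added assumption about how such a key should be stored.

```shell
#!/bin/sh
# Added example (not from the original posts): PEM private-key pre-flight check.
# Only the armor headers are read; no key material is parsed.

classify_key() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 0; }
    if grep -q '^-----BEGIN RSA PRIVATE KEY-----' "$f"; then
        # Traditional RSA (PKCS#1) key; the encrypted variant adds a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then echo pkcs1-encrypted; else echo pkcs1; fi
    elif grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo pkcs8-encrypted
    elif grep -q '^-----BEGIN PRIVATE KEY-----' "$f"; then
        echo pkcs8
    else
        echo unknown
    fi
}

# An unencrypted key must not be accessible to group or other (e.g. mode 600).
key_perms_ok() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Succeeds only for the form the answers say Play 1.x accepts (their claim):
# an unencrypted "RSA PRIVATE KEY" file, here also required to be owner-only.
preflight() {
    kind=$(classify_key "$1")
    case $kind in
        pkcs1) ;;
        unknown|unreadable) echo "$1: $kind, no supported private-key header found"; return 1 ;;
        *) echo "$1: $kind, rewrite with: openssl rsa -in $1 -out conf/host.key (OpenSSL 3.x: add -traditional)"; return 1 ;;
    esac
    key_perms_ok "$1" || { echo "$1: group/other can access the key, run: chmod 600 $1"; return 1; }
    echo "$1: ok"
}

# Constructed sample files: real headers, placeholder body (base64 of "CONSTRUCTED").
make_samples() {
    b=Q09OU1RSVUNURUQ=
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$b" '-----END RSA PRIVATE KEY-----' > "$1/pkcs1.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00' '' "$b" '-----END RSA PRIVATE KEY-----' > "$1/enc.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' "$b" '-----END PRIVATE KEY-----' > "$1/pkcs8.key"
    chmod 600 "$1"/*.key
}

tmp=$(mktemp -d) && make_samples "$tmp"
for k in "$tmp"/*.key; do preflight "$k" || true; done
rm -rf "$tmp"
```

Run preflight against the file named in certificate.key.file before starting the server; a non-zero exit status means the key is not in the form the answers describe.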
0

I don't use Play 1.x but according to the documentation on HTTPS configuration it states:

You need to put your certificates in the conf directory. Play supports X509 certificates and keystore certificates. The X509 certificates must be named as follows: host.cert for the certificate and host.key for the key. If you are using keystore, then, by default it should be named certificate.jks.

I'm not 100% certain that it is mandatory but that means you should have conf like this:

%prod.https.port=443
%prod.certificate.key.file=conf/host.key
%prod.certificate.file=conf/host.cert
maba
  • I tried conf/host.key & conf/host.cert but got the same result. – MSquared Apr 18 '13 at 07:53
  • I have finally managed to get Lighttpd working as a reverse proxy w/ SSL in front of PlayFramework as an alternative. As a side note - I used the exact same cert files for lighttpd. – MSquared Apr 18 '13 at 07:55