How to force Grails to use a signed certificate with run-app or run-war

Question

Even after adding this code to Config.groovy, Grails insists on using its own self-signed certificate:

grails.tomcat.truststorePath = "${grailsSettings.baseDir}/conf/ssl/truststore.jks"
grails.tomcat.truststorePassword = "changeit"
grails.tomcat.clientAuth = "want"
grails.tomcat.keystorePath = "${grailsSettings.baseDir}/conf/ssl/keystore.jks"
grails.tomcat.keystorePassword = "changeit"
grails.tomcat.keyAlias = "localhost"

Any idea how to force Grails to use the real keystore here?

Answer 1

I couldn't get your example to work or figure out how to set any properties in BuildConfig.groovy, but for grails 2.5.0 this worked for me in scripts/_Events.groovy.

eventConfigureTomcat = { org.apache.catalina.startup.Tomcat tomcat ->
    if (Environment.getCurrent() == Environment.DEVELOPMENT) {
        System.setProperty("javax.net.debug", "ssl") //use this to confirm grails adds proper keystore/truststore settings
        System.setProperty("javax.net.ssl.keyStoreType", "jks")
        System.setProperty("javax.net.ssl.keyStore", "/absolute/path/to/keystore")
        System.setProperty("javax.net.ssl.keyStorePassword", "<_password_>")
        System.setProperty("javax.net.ssl.trustStoreType", "jks")
        System.setProperty("javax.net.ssl.trustStore", "/absolute/path/to/truststore")
        System.setProperty("javax.net.ssl.trustStorePassword", "<_password_>")
        println "SSL configuration complete"
    }
}

Answer 2

Apparently, it's a common mistake to put these settings in Config.groovy. They belong in BuildConfig.groovy. Once I put them in BuildConfig.groovy, everything worked for me.