Can't specify a keystore file for https

Question

I've being pulling my hair for hours with Play (again). I'm using v2.4.6 and trying to use a custom keystore file for HTTPS access.

Si I followed the documentation :

• Added javaOptions in run += "-Dhttp.port=9020" in my build.sbt file
• Added play.server.https.keyStore.path = "conf/mykeystorefile.jks and play.server.https.keyStore.password = "my_keystore_file_passphrase

So then I use activator UI to launch play, as usual, and HTTPS requests do work, BUT play always generates a generated.keystore and uses it instead of using the one I need. And prints a warn : "Using generated key with self signed certificate for HTTPS. This should not be used in production."

If I look at Play source code, this is where the log comes from. But when reading the code, this should only happened if play.server.https.keyStore.path is not provided, which it is...

What is going on?

Answer 1

For those that really only want this in dev mode...

"You can configure extra settings for the run command in your build.sbt. These settings won’t be used when you deploy your application."

~ https://www.playframework.com/documentation/2.5.x/ConfigFile#Extra-devSettings

Ex:

PlayKeys.devSettings := Seq(
   "https.port" -> "9443",
   "play.server.https.keyStore.path" -> "conf/keystore.jks"
)

Answer 2

From your question I guess you are using Play in dev mode. If that's the case, I think in dev mode Play is unable to read those values before starting the application (the same problem that makes you use javaOptions to specify the port).

You can try to specify those values using system properties (-Dplay.server.https.(...)) or specify those options in build.sbt:

devSettings := Map(
    "play.server.http.port" -> "9020",
    "play.server.https.keyStore.path" -> "/path/to/file",
    // (...)
)

Note: don't know if that was a typo in your config, but I think you need to specify https.port also...