§Example Configurations
TLS can be very confusing. Here are some settings that can help.
§Connecting to an internal Web Service
If you are using WS to communicate with a single internal web service which is configured with an up to date TLS implementation, then you have no need to use an external CA. Internal certificates will work fine, and are arguably more secure than the CA system.
Generate a self signed certificate from the generating certificates section, and tell the client to trust the CA’s public certificate.
ws.ssl {
trustManager = {
stores = [
{ type = "JKS", path = "exampletrust.jks" }
]
}
}
§Connecting to several external web services
If you are communicating with several external web services, then you may find it more convenient to configure one client with several stores:
ws.ssl {
trustManager = {
stores = [
{ type = "PEM", path = "service1.pem" }
{ path = "service2.jks" }
{ path = "service3.jks" }
]
}
}
If client authentication is required, then you can also set up the key manager with several stores:
ws.ssl {
keyManager = {
stores = [
{ type: "PKCS12", path: "keys/service1-client.p12", password: "changeit1" },
{ type: "PKCS12", path: "keys/service2-client.p12", password: "changeit2" },
{ type: "PKCS12", path: "keys/service3-client.p12", password: "changeit3" }
]
}
}
§Both Private and Public Servers
If you are using WS to access both private and public servers on the same profile, then you will want to include the default JSSE trust store as well:
ws.ssl {
trustManager = {
stores = [
{ path: ${store.directory}/exampletrust.jks } # Added trust store
{ path: ${java.home}/lib/security/cacerts } # Fallback to default JSSE trust store
]
}
}
このドキュメントの翻訳は Play チームによってメンテナンスされているものではありません。 間違いを見つけた場合、このページのソースコードを ここ で確認することができます。 ドキュメントガイドライン を読んで、お気軽にプルリクエストを送ってください。