Play Framework SSL
openssl-genrsa-des3-out Host.key 2048
Parameter explanation:
Genrsa
OpenSSL command for generating an RSA key pair
-des3
Using the 3-des symmetric encryption algorithm to encrypt the key pair, this parameter requires the user to enter a password for encryption during key generation. When you use this key pair in the future, you need to enter the appropriate password. If this option is not added, the key is not encrypted.
-out
To save the generated key pair to a file Host.key
2048
RSA modulus number of times, to a certain extent, the key density is shown.
OpenSSL req-new-key ssl.key-out SSL.CSR
Parameter explanation:
Req
OpenSSL command to generate a certificate request
-new
A new certificate request is generated. This parameter will require the user to fill in some corresponding fields in the certificate request generation for OpenSSL.
-key
Specifies the key pair file that Ssl.key uses for the certificate.
-out
To save the generated certificate request to a file HOST.CSR
Enter pass phrase for Host.key://Enter the password (if Host.key is added before the parameter-des3)
You is about-to is asked to-enter information that'll be incorporated
into your certificate request.
What's about-to-enter is called a distinguished Name or a DN.
There is quite a few fields but can leave some blank
For some fields there would be a default value,
If you enter '. ', the field would be a left blank.
-----
Country Name (2 letter code) [AU]://uses the International Standard Organization (ISO) Country code format, and fills in 2 letters of the country code. China please fill in CN.
State or province name (full name) [some-state]://province, such as filling out Beijing
Locality Name (eg, city) []://cities, such as filling out Beijing
Organization name (eg, company) [Internet widgits Pty ltd]://organizational unit, such as the spelling of a business name
Organizational Unit Name (eg, section) []://For example, fill it Dept
Common name (e.g. server FQDN or YOUR name) []://Exercise SSL Encrypted Web site address. Please note that this does not refer to your domain name alone, but rather the name of the website that uses SSL directly, for example: pay.abc.com. A website is defined here: ABC.com is a website; www.abc.com is another site; pay.abc.com is another website. Note: This server domain name should match the SMTP/POP3 server names set by the mail client software.
email address []://e-mail addresses, can not be filled
Please enter the following ' extra ' attributes
To is sent with your certificate request
A Challenge Password []://can not be filled
An optional company name []://can not be filled in
OpenSSL x509-req-days 365-in host.csr-signkey host.key-out host.cert
Parameter explanation:
X509
Generate a copy of the certificate.
-req
The OpenSSL command that the user generated the certificate request.
-days 365
The certificate age is 365 days from the time of generation.
-in
Specify HOST.CSR to request a file for a certificate
-signkey
Specify Host.key as the key pair file
-out
To save the generated certificate file to a file Host.cert
How to set a password before, you will be prompted to enter the password. If the server is looking for HOST.CRT, you can use the CP Host.cert HOST.CRT
Finally put Host.key Host.cert these two files into the Conf configuration file, open application.conf
Join
https.port=9443
Certificate.key.file=conf/host.key
Certificate.file=conf/host.cert
certificate.password=123456 (the password you set previously)
Trustmanager.algorithm=jks
Visit: https://localhost:9443/
Play Framework SSL
