1

我正在尝试将 SSL 与我的 Playframework 1.2.5 应用程序一起使用,但似乎无法使其正常工作。

我有来自 GoDaddy 的 SSL 证书。我从 application.conf 中引用了 key & crt 文件,如下所示:

%prod.https.port=443
%prod.certificate.key.file=conf/hawkanalytics.key
%prod.certificate.file=conf/hawkanalytics.com.crt

但是,尝试访问应用程序时出现以下错误:

22:49:33,836 INFO  ~ Listening for HTTPS on port 443 ...
java.lang.NullPointerException
        at play.server.ssl.SslHttpServerContextFactory$PEMKeyManager.<init>(SslHttpServerContextFactory.java:94)
        at play.server.ssl.SslHttpServerContextFactory$PEMKeyManager.<clinit>(SslHttpServerContextFactory.java:79)
        at play.server.ssl.SslHttpServerContextFactory.<clinit>(SslHttpServerContextFactory.java:47)
        at play.server.ssl.SslHttpServerPipelineFactory.getPipeline(SslHttpServerPipelineFactory.java:29)
        at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink$Boss.registerAcceptedChannel(NioServerSocketPipelineSink.java:274)
        at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink$Boss.run(NioServerSocketPipelineSink.java:239)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:102)
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:679)
22:49:43,372 ERROR ~
java.lang.NullPointerException
        at play.server.ssl.SslHttpServerContextFactory$PEMKeyManager.<init>(SslHttpServerContextFactory.java:94)
        at play.server.ssl.SslHttpServerContextFactory$PEMKeyManager.<clinit>(SslHttpServerContextFactory.java:79)
        at play.server.ssl.SslHttpServerContextFactory.<clinit>(SslHttpServerContextFactory.java:47)
        at play.server.ssl.SslHttpServerPipelineFactory.getPipeline(SslHttpServerPipelineFactory.java:29)
        at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink$Boss.registerAcceptedChannel(NioServerSocketPipelineSink.java:274)
        at org.jboss.netty.channel.socket.nio.NioServerSocketPipelineSink$Boss.run(NioServerSocketPipelineSink.java:239)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:102)
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:679)
22:49:43,504 DEBUG ~ Invalid certificate
javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1031)
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:508)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:759)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:727)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:938)
        at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:656)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:317)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:207)
        at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:792)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:352)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:334)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:207)
        at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
        at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:94)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.processSelectedKeys(AbstractNioWorker.java:372)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:246)
        at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:38)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:102)
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:679)
4

3 回答 3

2

检查您使用的“.key”文件是 RSA PRIVATE KEY 还是 PRIVATE KEY。

播放框架似乎需要带有标题“-----BEGIN RSA PRIVATE KEY-----”的 RSA PRIVATE KEY

转换: 如何将私钥转换为 RSA 私钥?.

于 2014-01-29T06:27:34.270 回答
1

我按照生产模式文档中的说明和startssl的免费证书让这个工作

要对此进行测试,请在本地将以下条目添加到您的主机文件中

127.0.0.1 my-ssl-domain.com

接下来将证书复制到play-app/conf/host.cert. 现在在文本编辑器中打开您的密钥文件。
如果您Proc-Type: 4,ENCRYPTED在密钥文件的顶部看到一行,则它是加密的。我使用startssl webinterface解密了我的,但你应该能够从命令行使用

openssl rsa –in my_downloaded_ssl_key.key -out play-app/conf/host.key

如果您的密钥未加密,您可以将其直接复制到play-app/conf/host.key

最后编辑application.conf并添加以下行:

https.port=443
certificate.key.file=conf/host.key
certificate.file=conf/host.cert
certificate.password=my-private-key-password
trustmanager.algorithm=JKS

我在开发模式下测试了这个sudo play run .。我正在使用 sudo 绑定到端口 443。您可以在此答案中找到解决此特定问题的更好方法

于 2015-07-06T14:06:53.597 回答
0

我不使用 Play 1.x,但根据有关 HTTPS 配置的文档,它指出:

您需要将证书放在 conf 目录中。Play 支持 X509 证书和密钥库证书。X509 证书必须按如下命名: host.cert用于证书,host.key用于密钥。如果您使用的是密钥库,那么默认情况下它应该被命名为certificate.jks

我不是 100% 肯定它是强制性的,但这意味着你应该有这样的 conf:

%prod.https.port=443
%prod.certificate.key.file=conf/host.key
%prod.certificate.file=conf/host.cert
于 2013-04-18T07:13:11.157 回答