PKCS12 Client Certificate Not Working

(Play 2.82, Scala 2.13.3, Java 1.8)

Hello:

Using a PKCS12 client certificate for the first time. I am able to successfully use the certificate in curl:

curl --cert-type P12 --cert cert.p12:'certificate_password' https://my.secure.service.com

However, when using WS, doesn’t work. The code:

ws   \\ obtained from Play Framework DI
  .url("https://my.secure.service.com")
  .withMethod("GET")
  .execute()
  .map { response =>
    ...
  }

Gives (following the caused-by chain to the bottom):

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:313)
    at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
    ...

Using this configuration:

ssl-config {
  keyManager {
    stores += {type: "PKCS12", path: "cert.p12", password: ${SSL_KEY_PASSWORD}}
  }
}

I have gone through the Lightbend ssl-config documentation and cannot figure our what I am doing wrong.

What am I doing wrong?

Thank you!

I figured it out and it is now working. I had the configuration wrong. The configuration should be:

play.ws.ssl {
  keyManager {
    stores += {type: "PKCS12", path: "cert.p12", password: ${SSL_KEY_PASSWORD}, classpath: true}
  }
}

This is solved. Thanks!

I had the same problem. The configuration seems to have been updated as of Play 2.6+ but the new version of the configuration simply does not work…

Would be great if someone was to update it :slight_smile: