Play 2.x WS API and self signed certificates 5

Posted by Jens J├Ąger on December 03, 2013

The play web service API provides an easy way to use your play application as an http client. Usually you should use Play’s asynchronous mechanisms to use the web service response. But sometime you just want to wait for the web service responce (in a job). You can do this with the following method:

When the web service you want to call uses self signed certificates you will run into an exception:

To allow self-signed ssl certificates you just have to add the following to your application.conf.

When you unit test your web service call make sure your test runs inside a FakeApplication.


Use this link to trackback from your own site.


Leave a response

  1. […] Self signed certificates are common, especially on testservers. The java default solution to add the certificate to every developers and buildservers java vm is a pain in the ass. For the play WS api there is an easy workaround. […]

  2. Will Sargent Sat, 26 Apr 2014 00:17:59 CEST

    Please edit this post and let people know that Play 2.3 will let them configure trust stores far more easily. Please don’t disable certificate verification, even in testing, because far too often it gets out into production environments.

    I’m adding as much documentation as I can to make it clear what to do:

    And I’ve written about the implementation behind the scenes here (warning, it gets technical):

  3. Jens Tue, 06 May 2014 23:06:06 CEST

    Hi Will,

    thank you so much for your comment.

    I will write another article and update these when my applications are updated to play 2.3 and I worked trough your great article.


  4. Will Sargent Tue, 08 Jul 2014 20:32:12 CEST

    Hi Jens,

    I’ve written an activator template that shows how to use Play 2.3 and WS with certificates:

    It comes with scripts which will generate the X.509 certificates needed to set up your server and client — you just need to change the hostname from, and you’re done. There is also documentation on the scripts here:

    I’ve also added documentation to show how to mix WS to see certificates from public and private servers:

    ws.ssl {
    trustManager = {
    stores = [
    { path: ${}/exampletrust.jks } # Added trust store
    { path: ${java.home}/lib/security/cacerts } # Fallback to default JSSE trust store

    If you download the activator template and experiment with it, I think you’ll find TLS and X.509 certificates get much easier to work with.

  5. Jens Tue, 08 Jul 2014 21:09:48 CEST

    Hi Will,

    looks awesome. Thanks for sharing.



Information about Data protection