SSL for REST API
45 views
Skip to first unread message
Jamiel Sheikh
Apr 25, 2017, 4:29:32 PM4/25/17
to play-fr...@googlegroups.com
Is the SSL cert Play 2.5.x generate sufficient enough for encrypting HTTP headers for a REST API that has no chance of ever being accessed by a browser? I'd like to avoid purchasing a cert if possible if all I need is encryption of HTTP body / headers. Any suggestions on this? Thanks kindly
Igmar Palsenberg
Apr 26, 2017, 2:45:42 AM4/26/17
to Play Framework
Op dinsdag 25 april 2017 22:29:32 UTC+2 schreef Jamiel:
Is the SSL cert Play 2.5.x generate sufficient enough for encrypting HTTP headers for a REST API that has no chance of ever being accessed by a browser? I'd like to avoid purchasing a cert if possible if all I need is encryption of HTTP body / headers. Any suggestions on this? Thanks kindly
The encryption is the same. Throwing in money is just about buying trust.
Igmar
Thibault Meyer
Apr 26, 2017, 3:14:32 AM4/26/17
to Play Framework
Play generate a self-signed certificat, is not suitable for production. If you don't wan't pay $20 for a SSL certificate (namecheap.com) you can try Let's Encrypt, it's free.
Igmar Palsenberg
Apr 26, 2017, 3:27:23 AM4/26/17
to Play Framework
Op woensdag 26 april 2017 09:14:32 UTC+2 schreef Thibault Meyer:
Play generate a self-signed certificat, is not suitable for production. If you don't wan't pay $20 for a SSL certificate (namecheap.com) you can try Let's Encrypt, it's free.
It is, for internal use. There is not technical difference between a self-signed one, and a commercial one, except the trust.
Igmar
Will Sargent
Apr 27, 2017, 8:27:32 PM4/27/17
to Play Framework
You can generate ECC certificates and run with TLS 1.2 and that's perfectly fine. You'll want to make sure you have your certificates in the trust store that you're using, though, and ensure you have the Unlimited Strength Jurisdiction Policy Files.
You can generate certificates here using the example here:
and that should help.
Jamiel Sheikh
Apr 29, 2017, 12:18:27 AM4/29/17
to play-fr...@googlegroups.com
Will,
Is this example project applicable to REST API written with Play Framework that is a server? In my case, it is not a WS client consuming a REST API but a provider of a REST API
--
You received this message because you are subscribed to the Google Groups "Play Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framework+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/c66a9a3b-5a3c-4413-b308-52d3d00f153c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages