It won't work with the approach you are taking. You are mistaking release notes of 1.x branch with 2.x branch.
in 1.x branch, it is possible. Release notes are sufficient, and they worked for me.
For 2.1+ branch, please refer to @Christina's comment. Support has been added in 2.1 and the discussion thread provides details.
Quoting James Roper's response
In dev mode, it's very easy, just:
JAVA_OPTS=-Dhttps.port=9443 play run
Play will generate a private key and self signed certificate, which
obviously your browser will balk at with a big red warning. It will
reuse that generated self signed certificate for each subsequent run
of Play, so you should only get the browser error once. Obviously
this self signed certificate is probably not what you want in
production. Also important to note is that the self signed
certificate generation will only work on JVMs that use the sun
security libraries (eg Oracle and OpenJDK, but most notably not IBM
J9). On JVMs that don't use these, you will get a
NoClassDefFoundError when it tries to generate the certificate.
In prod (and this config also applies to dev) you configure it much
the same way that you configure SSL ordinarily in Java, via system
properties. Here's a summary:
https.port - The port that should be used
https.keyStore - The path to
the keystore containing the private key and certificate, if not
provided generates a keystore for you
https.keyStoreType - The key
store type, defaults to "JKS"
https.keyStorePassword - The password,
defaults to ""
https.keyStoreAlgorithm - The key store algorithm,
defaults to the platforms default algorithm
https.trustStore - This
feature hasn't been fully implemented, currently it will always use
the JDKs trust store for verifying client side certificates (which you
can of course configure yourself) whether you supply a value for this
or not, unless you specify "noCA", in which case, it will use a trust
store that trusts all certificates with no validation or verification,
which is useful for if using webid client side certificate verification.
For 2.0 branch, you have to put another server infront of play i.e either apache/nginx/other which listens on https and forwards the request to play in http.
Instructions to setup a frontend server are available at http://www.playframework.org/documentation/2.0.1/HTTPServer
So run your play server on a port. Have apache forward request from domain.com to 127.0.0.1:9443.
Sample apache config
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName example.com
ServerAlias *.example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
ProxyPreserveHost On
# ProxyPass /excluded !
ProxyPass / http://127.0.0.1:9000/
ProxyPassReverse / http://127.0.0.1:9000/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
Hope it helps.
