Course 'Wildcard SSL Certificates for Federated Services'

The universal drive to SSL-enable all web pages has reached the point where search engines now favor SSL-enabled web sites. You might have heard about free SSL certificates that are now available from Those certificates work well for simple web sites which do not use cloud-based services such as content distribution networks (CDNs) for securely serving assets, however they do not provide any relief from cross-site scripting issues. CDNs are important for reducing latency and increasing scalability.

The old-school method of front-ending an application server like Tomcat or Play Framework with a web server like Apache httpd or nginx so static assets are served by the web server instead of a CDN provides poor latency. It is better to set up DNS entries for each cloud service so they can be addressed as subdomains of your main web site. This is the first step towards federating cloud services with your web site.

Free SSL certificates cannot be used to federate cloud-based services with a web site. Instead, a wildcard SSL certificate is required. Working with wildcard SSL certificates is significantly more complex than working with single-site SSL certificates. This course provides step-by-step instructions for provisioning a wildcard SSL certificate for web applications that are integrated with cloud-based assets, such as the Amazon Web Services CloudFront CDN. A working example web application written in Scala and using Play Framework 2.4 is provided, however most of this course is equally applicable to all web server technologies and does not require Play Framework, Scala or even a Java virtual machine. This course is equally applicable whether you host your web site on AWS EC2 or wtih any other hosting provider.

This course is important for devops, since it covers a mixture of operating system-level information, practical security guidelines, hands-on practice using cloud services and tips for Play Framework for Scala webapps. Up-to-date software tools are provided so students can enable SSL support using current best practices. Explicit directions are given so your web site can achieve a score of A+ in the SSL Labs Security assessment.

A lot of information from a variety of sources has been distilled into this course. Instead of taking weeks to figure things out, students that meet the prerequisites should be able to work through this course and fully deploy a wildcard SSL certificate to their Play Framework webapp and an associated AWS CloudFront distribution in one day.

This course does not discuss any special considerations for using wildcard SSL certificates with Play Framework WS SSL.

If you host, or want to host your application on AWS EC2 using the latest features for scalability and reliability, please enroll in the short follow-on course Realistic AWS EC2 Configuration for Wildcard SSL Certificates.

Content Breakdown

  • 65% applicable to web sites written in any computer language, including Java, Perl, PHP, Python, Ruby or Scala.
  • 35% specific to application servers running on the Java virtual machine (JVM)
  • 25% specific to Play Framework 2 for Scala
  • 5% specific to Amazon Web Services
  • 65% specific to Debian-compatible servers
  • 10% specific to Mac OS/X
  • 0% applicable to Windows servers


  • Access to a development computer running Mac OS/X or a Debian derivative such as Ubuntu; this course provides detailed instructions for both types of developer systems. If you only have access to a Windows computer for development, then you must either install a virtual operating system environment and then install Ubuntu, or you use an ssh client or VNC server to access a bash shell running on a Debian-compatible server, for example an Ubuntu server hosted on Amazon Web Services, Digital Ocean, Google Cloud or Microsoft Azure.
  • The server you wish to apply a wildcard SSL certificate to must run a Debian-compatible OS such as Ubuntu. Although most of this course is equally applicable to any Linux server, the course only provides the latest builds of SSL-related software for Debian-compatible OSes like Ubuntu, XUbuntu, KUbuntu and Mint.


Introduction to Play Framework 2 for Scala course or equivalent is recommended to be able to understand the Play-specific content.

How to Study This Course

The video on the front page of this web site discusses how to study this course. The transcript tab contains the same information as the video in written form.

Date Lecture Changes
2016-02-03 Reverse Proxies and Firewalls Added status 500 and 503 pages to Pound configuration
2016-01-15   Course released
2016-01-15 Test Wildcard SSL Setup First published transcript and video
2015-12-26 Going Live Hived from AWS CloudFront Support for Wildcard SSL Certificates
2015-12-19 Obtaining and Installing a Wildcard SSL Certificate Published video
2015-12-09 First Steps Published video
2015-12-08 Reverse Proxies and Firewalls Published video
2015-12-06 Reverse Proxies and Firewalls Hived from the First Steps lecture
2015-11-11 AWS CloudFront Support for Wildcard SSL Certificates Hived from the First Steps lecture
Price: $99usd