
Scala Play framework points multiple trust managers at the PEM file using Play WS


I want to use Play WS to invoke multiple other services in my application.

Given these docs, https://www.playframework.com/documentation/2.4.x/WSQuickStart

I know how to point the trust manager at the PEM file. But the question here is: what if I want to invoke multiple web services and each of them has a different root certificate? How can I specify multiple certs?

    play.ws.ssl {
      trustManager = {
        stores = [
          { type = "PEM", path = "/path/to/cert/globalsign.crt" }
        ]
      }
    }

Also, if some of the services are using a public trust certificate, will the above code take effect for those services?


Solution

  • To use multiple certs you can do any of the following:

    1. Add each cert to the ssl configuration, as with only globalsign.crt and service2.crt below
    2. Create a truststore, add each cert to the truststore, then provide the truststore to ws. This will be as with only services.jks below
    3. Or a combination of 1 and 2.

    To also depend on public certs you need to tell play-ws to use the default trust store as well.

    play.ws.ssl {
      trustManager = {
        stores = [
          { type = "PEM", path = "/path/to/cert/globalsign.crt" }
          { type = "PEM", path = "/path/to/cert/service2.crt" }
          { type = "JKS", path = "/path/to/truststore/services.jks" } #Added trust store
          { path: ${java.home}/lib/security/cacerts } # Fallback to default JSSE trust store
        ]
      }
    }
    

    Refer to https://www.playframework.com/documentation/2.4.x/ExampleSSLConfig.

    You may need to refer to something like these for creating and managing a truststore: https://docs.oracle.com/cd/E19509-01/820-3503/6nf1il6er/index.html, https://docs.oracle.com/cd/E19830-01/819-4712/ablqw/index.html
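
For option 2, a JKS truststore such as `services.jks` can be built from the PEM files with the JDK's `keytool`. The script below is an added example, not part of the original answer; the function names, the alias scheme (file name without extension), the paths and the `changeit` password are assumptions.

```shell
#!/usr/bin/env bash
# Added example: build the services.jks truststore referenced in the config above.
# Function names, paths, aliases and the password are placeholders (assumptions).

# build_truststore STORE PASSWORD CERT...
# Imports each PEM certificate as a trusted entry; alias = file name without extension.
build_truststore() {
  store="$1"; pass="$2"; shift 2
  for cert in "$@"; do
    alias="$(basename "${cert%.*}")"
    # Show the SHA-256 fingerprint so it can be compared with the value published
    # by the service owner; -noprompt below skips keytool's own confirmation step.
    keytool -printcert -file "$cert" | grep 'SHA256:' >&2 || true
    keytool -importcert -noprompt -trustcacerts \
      -alias "$alias" -file "$cert" \
      -keystore "$store" -storetype JKS -storepass "$pass" >&2 || return 1
  done
}

# count_trusted STORE PASSWORD
# Prints how many trustedCertEntry entries the store holds, to confirm the import.
count_trusted() {
  keytool -list -keystore "$1" -storetype JKS -storepass "$2" 2>/dev/null \
    | grep -c 'trustedCertEntry'
}

# Typical use (placeholder paths taken from the config above):
#   build_truststore /path/to/truststore/services.jks changeit \
#       /path/to/cert/globalsign.crt /path/to/cert/service2.crt
#   count_trusted /path/to/truststore/services.jks changeit
```

Every certificate in the store becomes a trust anchor for all Play WS calls, so compare each printed fingerprint against the issuer's published value before importing.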