Wiremock with trusted self signed certificate

wiremock-cert.md

1. Create a self signed certificate, explicitly specify connection source dns (localhost) name and ip (0.0.0.0).

This allows client to use https://localhost or https://0.0.0.0

keytool -genkey -alias profiler -keyalg RSA -keysize 1024 -validity 1365 -keypass password -keystore wiremock.jks -storepass password -ext SAN=dns:localhost,ip:0.0.0.0

• Notice -ext option that adds Subject Alternate Names and the difference with CN https://support.dnsimple.com/articles/what-is-common-name/

As a result there is a private/public key pair in wiremock.jks keystore

2. Start wiremock with https enabled and custom keystore

java -jar wiremock-standalone-2.15.0.jar --port 9090 --https-port 9091 --https-keystore wiremock.jks --verbose

3. Check certificate returned by wiremock use

echo | openssl s_client  -connect localhost:9091 2>/dev/null |  openssl x509 -text

4. Fetch certificate returned by wiremock

echo -n | openssl s_client -connect localhost:9091 |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > wiremock.crt

5. Add certificate returned by wiremock to trusted certificates.

keytool -import -trustcacerts -keystore ${java.home}/jre/lib/security/cacerts -storepass changeit -noprompt -alias wiremock -file wiremock.crt

• To delete alias:

    keytool -delete -alias wiremock -keystore ${java.home}/jre/lib/security/cacerts -storepass changeit -noprompt
  

• To list certs in keystore:

    keytool -v -list -keystore wiremock.jks
  

@dentys that was useful, thank you! 👍