Skip to content

Instantly share code, notes, and snippets.

@dentys
Last active October 13, 2023 12:01
Show Gist options
  • Save dentys/1bdd2897a53b1a8b56007a480243c33a to your computer and use it in GitHub Desktop.
Save dentys/1bdd2897a53b1a8b56007a480243c33a to your computer and use it in GitHub Desktop.
Wiremock with trusted self signed certificate

1. Create a self signed certificate, explicitly specify connection source dns (localhost) name and ip (0.0.0.0).

This allows client to use https://localhost or https://0.0.0.0

keytool -genkey -alias profiler -keyalg RSA -keysize 1024 -validity 1365 -keypass password -keystore wiremock.jks -storepass password -ext SAN=dns:localhost,ip:0.0.0.0

As a result there is a private/public key pair in wiremock.jks keystore

2. Start wiremock with https enabled and custom keystore

java -jar wiremock-standalone-2.15.0.jar --port 9090 --https-port 9091 --https-keystore wiremock.jks --verbose

3. Check certificate returned by wiremock use

echo | openssl s_client  -connect localhost:9091 2>/dev/null |  openssl x509 -text

4. Fetch certificate returned by wiremock

echo -n | openssl s_client -connect localhost:9091 |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > wiremock.crt

5. Add certificate returned by wiremock to trusted certificates.

keytool -import -trustcacerts -keystore ${java.home}/jre/lib/security/cacerts -storepass changeit -noprompt -alias wiremock -file wiremock.crt
  • To delete alias:

      keytool -delete -alias wiremock -keystore ${java.home}/jre/lib/security/cacerts -storepass changeit -noprompt
    
  • To list certs in keystore:

      keytool -v -list -keystore wiremock.jks
    
@longtimeago
Copy link

@dentys that was useful, thank you! 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment