Wiremock standalone 2.32.0 error on https proxy

433 views
Skip to first unread message

Lucas Romão Silva

unread,
Jan 18, 2022, 4:02:31 PM1/18/22
to wiremock-user
I'm doing a PoC on a react app using wiremock to mock the requests. However, I have tried configuring the ca certificate, setting an https port and whatsover but I can't make the proxy of an HTTPS endpoint work.
Here are the configurations on the wiremock

npx wiremock --record-mappings --port 8081 --preserve-host-header --verbose --proxy-all="https://homolog-api.com.br" --https-port 443 --enable-browser-proxying


And this is what I get when I use a curl on the https port

*   Trying ::1...

* TCP_NODELAY set

* Connection failed

* connect to ::1 port 443 failed: Connection refused

*   Trying 127.0.0.1...

* TCP_NODELAY set

* Connected to localhost (127.0.0.1) port 443 (#0)

* ALPN, offering h2

* ALPN, offering http/1.1

* successfully set certificate verify locations:

*   CAfile: /etc/ssl/cert.pem

  CApath: none

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (OUT), TLS alert, unknown CA (560):

* SSL certificate problem: self signed certificate

* Closing connection 0

curl: (60) SSL certificate problem: self signed certificate

More details here: https://curl.haxx.se/docs/sslcerts.html


When doing it in my browser,  I get a 403 from the cdn. Can you help me out on it?

Tom Akehurst

unread,
Jan 19, 2022, 2:14:21 PM1/19/22
to wiremock-user
Which Java version are you using to run WireMock?

If it's higher than 11, the certificate generation code needed for MITM proxying doesn't work at the moment. We're working on a long-term solution for this.

Message has been deleted

Tom Akehurst

unread,
Jan 28, 2022, 9:58:53 AM1/28/22
to Lucas Romão Silva, wiremock-user
Sorry, I misread your curl output before. You need to specify the -k switch to curl to allow self-signed certificates, and you'll need to do something equivalent on your CDN if you want to allow it to connect to a self-signed backend.

Alternatively you need to get hold of a CA signed SSL certificate, build a keystore containing it, then pass that to WireMock.

On Fri, 28 Jan 2022 at 14:56, Lucas Romão Silva <lucas...@quintoandar.com.br> wrote:
I'm using java 8 to run it
Atenção: este email contém informação confidencial. Se você o receber por engano, por favor, informe-nos e apague-o; não copie ou divulgue seu conteúdo.
Warning: this email contains confidential information. If you have received it by mistake, please let us know and delete it; do not copy or disclose its contents. 

--
You received this message because you are subscribed to the Google Groups "wiremock-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wiremock-use...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/wiremock-user/1139e6e4-e5fb-41b2-925f-049f27070de4n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages