I have wiremock running on my local, using the jars wiremock-grpc-extension-standalone-0.4.0.jar and wiremock-standalone-3.3.1.jar I am able to mock the grpc calls on my local as i was not using TLS verification on local. But when I have deployed wiremock in our gke cluster, I was not getting mock responses, typically because this deployment doesnot have certificates. I have added certificates in the /certificates folder. still facing the same issue. [ERROR] UNAVAILABLE: io exceptionChannel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0] Can someone help me out in providing certificates to wiremock jar??

To provide your own certificate to WireMock you need to bundle it into a Java keystore file and set the path to this on WireMock’s startup via the

--https-keystore

parameter. Alternatively you could use an external TLS terminator e.g. nginx.

Still facing the same issue. I have provided a .jks file

It might be worth validating the JKS file by starting WireMock locally with it and using e.g. grpcurl to test your gRPC mock.

Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect getting this error when running in local. but i haven't provided password while building the app

Is they keystore file password protected?

yes

OK, then you also need to supply

--keystore-password

and possibly

--key-manager-password

Do i need to expose 8080 port or 8443 port for grpc??

Depends whether you want to serve it over TLS or not.

Yes, i want to serve it on tls

OK, then make sure the HTTPS port is set on startup to 8443 then expose that.

server does not support the reflection API

Can we enable server reflection for the jar??

I’ve never seen this error before so will need a lot more context to understand what’s happening: • How are you starting WireMock - full command line? • What output do you see on startup? • Where are you seeing this error? • Is there an associated stack trace?

ENTRYPOINT exec java $JAVA_OPTS -cp wiremock-standalone.jar:wiremock-grpc-extension-standalone.jar wiremock.Run --port 8080 --https-port=8443 --root-dir wiremock-data --https-keystore=keystore_new.p12 --keystore-type pkcs12  --https-truststore=keystore_new.p12 --truststore-type=pkcs12

This is my docker command. Im able to hit through postman, but not through my other grpc service. I can clearly understand it is a certificate issue. openssl pkcs12 -export -out keystore_new.p12 -inkey mercatorPrivateKey.key -in mercatorCert.crt Command used to generate keystore ^^ But still not working, can u help me out??

Have you built a DSC file and put it in the grpc folder mounted in the container?

yes

When you hit it through Postman is that on the plain text port or TLS?

with TLS

BTW, WireMock genuinely doesn’t support server reflection at the moment, but it shouldn’t be necessary if you’ve got the proto on both sides.

server reflection is not a problem,

OK, what error do you see now?

[SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]

Is this being thrown by your client?

yes

I don’t know what that error means unfortunately. I’d hazard a guess that the certificate configuration hasn’t worked properly and so the client doesn’t trust WireMock. But it’s hard be sure with such a cryptic message.

is there a way that i can disbale ssl verification or something of this sort??

Most/all of the major HTTP clients will can be configured to trust all certificates, usually by supplying your own SSLContext when constructing the client. I don’t know how do it in Spring/gRPC specifically.