Hi Team, I have a Wiremock running in local and I want to use Wiremock as a Proxyt which will record all the request/response that goes through it. I run this command java -jar wiremock-standalone-3.5.4.jar --verbose --port 9090 --enable-browser-proxying --trust-all-proxy-targets to make Wiremock doesn't need specific targetbase url and also the actual target service endpoint is https so I use --trust-all-proxy-targets. But when I start the server and execute the client proxy , I end up with the below error. I have been struggling with this issue for last few days. Please help . Exception in thread "main" javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Note : I use http://localhost:9090 as a proxy and call https://endpoint through wirmock

When you enable browser proxying WireMock has to set itself up as an MITM, meaning that it fakes the certificates for target domains. By default (rightly!) your client app won’t trust these certificates so you have to do one of the following: 1. Make your client trust WireMock’s signing certificate, so that it’ll in turn trust each domain’s fake cert. https://wiremock.org/docs/proxying/#browser-proxying-of-https 2. Disable certificate validation completely in your client.

@Tom - Thank you for your response. I don't have any control over the client since its a http client library used within the platform. Is there a way that I can add the client expected certs in wiremock?

If you have a CA (signing) certificate that the client already trusts then you could import this into WireMock, potentially.

Thank you. I tried downloading the Wiremock CA crt and uploaded in my OS keychain and tried running the client but still had the same error. Is there any doc that I can follow to import the cert that client already trusts into Wiremock .

I don’t think the JVM will normally delegate to your keychain so I think you have you place the certs in the JRE’s own CA certs collection. This looks like a way to do this: https://stackoverflow.com/a/25953317/1008361

ok..I tried generating the keystore and try to add this param --ca-keystore, --ca-keystore-password & --ca-keystore-type but while starting wiremock its throwing exception . It seems like Wiremock not able to understand the param. If I give this --https-truststore keystore.jks --truststore-password , it is able to understand but end up with the same exception.