# help
I have an http client that cannot be configured to relax ssl. It demands certificate and host checking. I need to record its interaction with an https endpoint through wiremock as a proxy. What’s my best course of action here?
Maybe related: what’s the purpose of CA WireMock certificate? In WM documentation it says it signs certificates of the proxied sites. How is it used?
Is it possible to provide a keystore to WM so that no matter which server it proxies from, the certificate that the client sees when talking to WM is always the same?
I tried to extract a CA WireMock certificate from my machine's ~/.wiremock, and provide a truststore with it to the client. Now the client complains that the common name does not match. I assume it's because the WM passes that certificate to the client directly, rather than signing the target server certificate with it, and then passing that signed certificate to the client.
Having looked at the WireMock GitHub repo, I see what might be going on, but I'll be able to check that tomorrow at the earliest. Here's my guess. Because I'm running WireMock on JDK 21, some functionality from JDK 17 is not available, for example, signing certificates on the fly. Additionally, I must use --add-opens java.base/sun.security.x509=ALL-UNNAMED at runtime: even in JDK 17 that functionality is non-exported.
Yep, that was it.