Jesus Perez
05/29/2025, 2:07 PM
wiremock-standalone.jar), configured to act as an HTTPS proxy using:
--https-port 8443 --enable-browser-proxying
I noticed that WireMock generates a dynamic self-signed CA, and exposes the root certificate at:
/__admin/certs/wiremock-ca.crt
This works fine, I can trust the CA in my clients and avoid SSL errors when intercepting HTTPS traffic. However, I'm looking for a way to use a custom or persistent CA, so I don’t have to re-export and re-trust the CA every time WireMock restarts...
Does anyone know if there's a way to:
1. Provide a custom CA in standalone mode?
2. Or at least reuse a previously generated CA?
I’m aware this can be done when embedding WireMock as a Java library (caKeystorePath, etc.), but I’d prefer to keep using the standalone JAR if possible.
Thanks in advance!

Jesus Perez
05/29/2025, 2:47 PM
--enable-browser-proxying. You can pass the following flags to the JAR:
--ca-keystore=/path/to/ca-keystore.jks
--ca-keystore-password=your_password
--ca-keystore-type=jks # optional
Before that, you need to generate the keystore using the script provided by WireMock:
https://github.com/tomakehurst/wiremock/blob/master/scripts/create-ca-keystore.sh
Mount the resulting .jks file as a volume (e.g. via ConfigMap if you're using Kubernetes), and WireMock will reuse the same CA across restarts, avoiding issues with clients rejecting rotated certificates.
Hope this helps others facing the same issue!