when i try to call https post method. getting erro...
# wiremock-java
when i try to call https post method. getting error as "Error: write EPROTO 64261128error10000410:SSL routinesOPENSSL internalSSLV3_ALERT_HANDSHAKE_FAILURE../../../../src/third party/boringssl/src/ssl/tls record.cc594:SSL alert number 40"
Hi @Sundar what happens if you omit the https-keystore parameter so that you’re using WireMock’s default store?
when i ommit https-keystore parameter, i m getting error as "Error: self signed certificate"
Have you tried with any other HTTP clients/SSL implementations?
i got the error ""Error: self signed certificate"" when i tried to call the https post method using postman tool
when i call the https post method from the applicaiton i got error as "avax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed"
Sorry, I mean when you use your keystore with other HTTP clients, do you see a similar error as the original one?
Ah OK. Might be that you didn’t include intermediate certificates in in the keystore?
i have requested ssl certificate to my network team and they provided me back three files "yy.cer", yy.p7b, and yy.pem
👀 1
i create jks file then executed the below command
keytool -import -trustcacerts -alias mock -file yy.cer -keystore wiremock.jks
This is the script we use to build keystores correctly for WireMock:
Copy code

# Concatenate all the things
cat main-cert.pem > main-and-intermediate-certs.pem
cat intermediate-certs.pem >> main-and-intermediate-certs.pem

# Convert to .p12
openssl pkcs12 -export -inkey main-cert.key -in main-and-intermediate-certs.pem -out wiremock.p12

# Make a Java keystore
keytool -importkeystore -deststorepass keystorepassword -destkeypass keystorepassword -srckeystore wiremock.p12 -srcstoretype PKCS12 -srcstorepass keystorepassword -destkeystore keystore.jks
keytool -list -v -keystore keystore.jks
will the above work in Windows ?
You’ll need to tweak it a bit, or run Ubuntu for Windows if you can
Provided you’ve got openssl and a JDK on the PATH the Windows equivalent should be very similar
i have used this command to create my jks file
Copy code
keytool -genkey -alias wiremock -keyalg RSA -keysize 1024 
 -validity 365 -keypass password -keystore identity.jks -storepass password
what is main-cert.key file ?
This the the private key that (should) always come with the certificate
When your certificate authority issues the cert either they generate this for you or you generate it yourself prior to sending them the signing request.
I have followed the steps which you provided and its worked. Thank you
👍 1