https://linen.dev logo
Title
s

Sundar

01/30/2023, 11:57 AM
when i try to call https post method. getting error as "Error: write EPROTO 64261128:error:10000410:SSL routines😮PENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:../../../../src/third_party/boringssl/src/ssl/tls_record.cc:594:SSL alert number 40"
t

Tom

01/30/2023, 11:58 AM
Hi @Sundar what happens if you omit the https-keystore parameter so that you’re using WireMock’s default store?
s

Sundar

01/30/2023, 12:01 PM
when i ommit https-keystore parameter, i m getting error as "Error: self signed certificate"
t

Tom

01/30/2023, 12:02 PM
🤔
Have you tried with any other HTTP clients/SSL implementations?
s

Sundar

01/30/2023, 12:03 PM
i got the error ""Error: self signed certificate"" when i tried to call the https post method using postman tool
when i call the https post method from the applicaiton i got error as "avax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed"
t

Tom

01/30/2023, 12:03 PM
Sorry, I mean when you use your keystore with other HTTP clients, do you see a similar error as the original one?
Ah OK. Might be that you didn’t include intermediate certificates in in the keystore?
s

Sundar

01/30/2023, 12:06 PM
i have requested ssl certificate to my network team and they provided me back three files "yy.cer", yy.p7b, and yy.pem
👀 1
i create jks file then executed the below command
keytool -import -trustcacerts -alias mock -file yy.cer -keystore wiremock.jks
t

Tom

01/30/2023, 12:07 PM
This is the script we use to build keystores correctly for WireMock:
#!/bin/bash

# Concatenate all the things
cat main-cert.pem > main-and-intermediate-certs.pem
cat intermediate-certs.pem >> main-and-intermediate-certs.pem

# Convert to .p12
openssl pkcs12 -export -inkey main-cert.key -in main-and-intermediate-certs.pem -out wiremock.p12

# Make a Java keystore
keytool -importkeystore -deststorepass keystorepassword -destkeypass keystorepassword -srckeystore wiremock.p12 -srcstoretype PKCS12 -srcstorepass keystorepassword -destkeystore keystore.jks
keytool -list -v -keystore keystore.jks
s

Sundar

01/30/2023, 12:08 PM
will the above work in Windows ?
t

Tom

01/30/2023, 12:08 PM
You’ll need to tweak it a bit, or run Ubuntu for Windows if you can
Provided you’ve got openssl and a JDK on the PATH the Windows equivalent should be very similar
s

Sundar

01/30/2023, 12:10 PM
i have used this command to create my jks file
keytool -genkey -alias wiremock -keyalg RSA -keysize 1024 
 -validity 365 -keypass password -keystore identity.jks -storepass password
what is main-cert.key file ?
t

Tom

01/30/2023, 12:42 PM
This the the private key that (should) always come with the certificate
When your certificate authority issues the cert either they generate this for you or you generate it yourself prior to sending them the signing request.
s

Sundar

01/31/2023, 5:32 AM
I have followed the steps which you provided and its worked. Thank you
👍 1