when i try to call https post method. getting erro...
# wiremock-javas
Sundar
01/30/2023, 11:57 AMwhen i try to call https post method. getting error as "Error: write EPROTO 64261128error10000410:SSL routinesOPENSSL internalSSLV3_ALERT_HANDSHAKE_FAILURE../../../../src/third party/boringssl/src/ssl/tls record.cc594:SSL alert number 40"
t
Tom
01/30/2023, 11:58 AMHi @Sundar what happens if you omit the https-keystore parameter so that you’re using WireMock’s default store?
s
Sundar
01/30/2023, 12:01 PMwhen i ommit https-keystore parameter, i m getting error as "Error: self signed certificate"
t
Tom
01/30/2023, 12:02 PM🤔
Tom
01/30/2023, 12:02 PMHave you tried with any other HTTP clients/SSL implementations?
s
Sundar
01/30/2023, 12:03 PMi got the error ""Error: self signed certificate"" when i tried to call the https post method using postman tool
Sundar
01/30/2023, 12:03 PMwhen i call the https post method from the applicaiton i got error as "avax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed"
t
Tom
01/30/2023, 12:03 PMSorry, I mean when you use your keystore with other HTTP clients, do you see a similar error as the original one?
Tom
01/30/2023, 12:04 PMAh OK. Might be that you didn’t include intermediate certificates in in the keystore?
s
Sundar
01/30/2023, 12:06 PMi have requested ssl certificate to my network team and they provided me back three files "yy.cer", yy.p7b, and yy.pem
👀 1
Sundar
01/30/2023, 12:06 PMi create jks file then executed the below command
Sundar
01/30/2023, 12:07 PMkeytool -import -trustcacerts -alias mock -file yy.cer -keystore wiremock.jks
t
Tom
01/30/2023, 12:07 PMThis is the script we use to build keystores correctly for WireMock:
Copy code
#!/bin/bash
# Concatenate all the things
cat main-cert.pem > main-and-intermediate-certs.pem
cat intermediate-certs.pem >> main-and-intermediate-certs.pem
# Convert to .p12
openssl pkcs12 -export -inkey main-cert.key -in main-and-intermediate-certs.pem -out wiremock.p12
# Make a Java keystore
keytool -importkeystore -deststorepass keystorepassword -destkeypass keystorepassword -srckeystore wiremock.p12 -srcstoretype PKCS12 -srcstorepass keystorepassword -destkeystore keystore.jks
keytool -list -v -keystore keystore.jkss
Sundar
01/30/2023, 12:08 PMwill the above work in Windows ?
t
Tom
01/30/2023, 12:08 PMYou’ll need to tweak it a bit, or run Ubuntu for Windows if you can
Tom
01/30/2023, 12:09 PMProvided you’ve got openssl and a JDK on the PATH the Windows equivalent should be very similar
s
Sundar
01/30/2023, 12:10 PMi have used this command to create my jks file
Sundar
01/30/2023, 12:10 PM Copy code
keytool -genkey -alias wiremock -keyalg RSA -keysize 1024
-validity 365 -keypass password -keystore identity.jks -storepass passwordSundar
01/30/2023, 12:41 PMwhat is main-cert.key file ?
t
Tom
01/30/2023, 12:42 PMThis the the private key that (should) always come with the certificate
Tom
01/30/2023, 12:43 PMWhen your certificate authority issues the cert either they generate this for you or you generate it yourself prior to sending them the signing request.
s
Sundar
01/31/2023, 5:32 AMI have followed the steps which you provided and its worked. Thank you
👍 1
3 Views