Closed MakersAll8 closed 1 year ago
I was able to resolve this by adding the two lines in the imposter.ejs file.
"cert": "-----BEGIN CERTIFICATE-----<self signed certificate>-----END CERTIFICATE-----",
"key": "-----BEGIN RSA PRIVATE KEY-----<private key content>-----END RSA PRIVATE KEY-----",
My cert and key were generated on an Ubuntu image following the following steps:
Create a Dockerfile:
FROM ubuntu:20.04
USER root
RUN apt update
RUN apt install openssh-server -y
WORKDIR /home/ubuntu/key
In the host terminal, build the image and tag it as generate_key:
docker build -t generate_key --rm .
Spin up a container based on the image:
docker run --rm -v $PWD/key:/home/ubuntu/key -it --entrypoint /bin/bash generate_key
Run the following command in the container CLI:
export ROOT_CA_PASSWORD=$(echo $RANDOM | md5sum | head -c 30) && \
openssl genrsa -des3 -passout pass:$ROOT_CA_PASSWORD -out developmentCA.key 2048 && \
openssl req -x509 -new -nodes -key developmentCA.key -sha256 -days 825 -out developmentCA.crt \
-subj "/C=AU/ST=Victoria/L=Melbourne/O=CompanyName/OU=DepartmentName/CN=DevelopmentCA" \
-passin pass:$ROOT_CA_PASSWORD && \
openssl genrsa -out localhost.key 2048 && \
openssl req -new -sha256 -key localhost.key \
-subj "/C=AU/ST=Victoria/L=Melbourne/O=CompanyName/OU=DepartmentName/CN=localhost:2525" \
-addext "subjectAltName=DNS:localhost:2525" -out localhost.csr && openssl x509 \
-req -in localhost.csr -CA developmentCA.crt -extensions SAN \
-extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:localhost:2525")) \
-CAkey developmentCA.key -CAcreateserial -out localhost.crt -days 825 -sha256 \
-passin pass:$ROOT_CA_PASSWORD && \
openssl x509 -in localhost.crt -text -noout
In your key folder on the host machine where you created the Dockerfile above, you should have a bunch of private keys, public keys, certificate signing requests, etc. Only localhost.key and localhost.crt are of interest to us; the rest were created to eventually get the self-signed certificate localhost.crt.
Copy localhost.key into the key field in the imposters.ejs file, and localhost.crt into cert.
I would raise a PR to change the default key and cert values in mountebank, but would like to ask whether I should just set the -days value to a ridiculously large number like 3650 days to make the cert valid for 10 years?
Hi there, Thanks for the update, and offer to add a PR. Yes, I believe for the built-in key, security is less the point than convenience of mock setup, so I would set it for 10 years.
@bbyars PR raised https://github.com/bbyars/mountebank/pull/732
@bbyars will you please consider merging this? It would make upgrading images to node 18 a bit smoother.
Done!
On Wed, Jul 5, 2023 at 2:33 AM MakersAll8 @.***> wrote:
@bbyars https://github.com/bbyars will you please consider merging this? It would make upgrading images to node 18 a bit smoother.
Closed as resolved by PR above.
Expected behaviour
upgrading to node 18 image should not break my mock server
...
Actual behaviour
upgrading to node 18 image is causing the http library to throw an "ee key too small" error when the PUT /imposters request is trying to send stubs I defined in json files to mountebank server on port 2525
...
Steps to reproduce
pull node 18 image
install mountebank
create your imposters.ejs
create your stubs json files
run npm start
...
Software versions used
I am raising the issue to provide a solution as I couldn't find a solution here and on Google.
The offending default keypair seems to be mb-key.pem and mb-cert.pem according to the source code.