mock-server / mockserver

MockServer enables easy mocking of any system you integrate with via HTTP or HTTPS with clients written in Java, JavaScript and Ruby. MockServer also includes a proxy that introspects all proxied traffic including encrypted SSL traffic and supports Port Forwarding, Web Proxying (i.e. HTTP proxy), HTTPS Tunneling Proxying (using HTTP CONNECT) and SOCKS Proxying (i.e. dynamic port forwarding).
http://mock-server.com
Apache License 2.0

Need help with cert issues on setting up mockserver docker using a custom hostname. #660

Closed qinfchen closed 5 years ago

qinfchen commented 5 years ago

Here is the docker-compose block

 test:
    container_name: test.docker.com
    image: jamesdbloom/mockserver:mockserver-5.6.1
    ports:
      - "3280:3280"
    environment:
      - LOG_LEVEL=WARN
      - SERVER_PORT=3280
      - JVM_OPTIONS=-Dmockserver.propertyFile=/opt/mockserver/mockserver.properties
    volumes:
      - ./mockserver/mockserver.properties:/opt/mockserver/mockserver.properties
      - ./mockServer/keystore.jks:/opt/mockserver/keystore.jks
      - ./mockServer/key.pem:/opt/mockserver/key.pem
      - ./mockServer/ca.pem:/opt/mockserver/ca.pem

and here is the mockserver.properties

# keystore file path if keystore does not already exist a new keystore with this file name will be created
# (default depends on javaKeyStoreType value: keystore.jks or keystore.p12 or keystore.jceks)
mockserver.javaKeyStoreFilePath=/opt/mockserver/keystore.jks
mockserver.javaKeyStoreType=jks

# Certificate Generation

# delete KeyStore file on JVM shutdown (default true)
mockserver.deleteGeneratedKeyStoreOnExit=false
# certificate domain name (default "localhost")
mockserver.sslCertificateDomainName=test.docker.com
# comma separated list of ip addresses for Subject Alternative Name domain names (default empty list)
mockserver.sslSubjectAlternativeNameDomains=test.docker.com,localhost
# comma separated list of ip addresses for Subject Alternative Name ips (default empty list)
mockserver.sslSubjectAlternativeNameIps=127.0.0.1
mockserver.certificateAuthorityPrivateKey=/opt/mockserver/key.pem
mockserver.CertificateAuthorityCertificate=/opt/mockserver/ca.pem

and I keep getting the following error

2019-08-07T21:41:18.486180700Z 
2019-08-07 21:41:24,535 ERROR o.m.s.t.KeyAndCertificateFactory Error while refreshing certificates
java.security.SignatureException: certificate does not verify with supplied key
at org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject.checkSignature(Unknown Source) ~[mockserver-netty-jar-with-dependencies.jar:na]
at org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject.verify(Unknown Source) ~[mockserver-netty-jar-with-dependencies.jar:na]
at org.mockserver.socket.tls.KeyAndCertificateFactory.createCASignedCert(KeyAndCertificateFactory.java:211) ~[mockserver-netty-jar-with-dependencies.jar:na]
at org.mockserver.socket.tls.KeyAndCertificateFactory.buildAndSaveCertificates(KeyAndCertificateFactory.java:244) ~[mockserver-netty-jar-with-dependencies.jar:na]
at org.mockserver.socket.tls.NettySslContextFactory.buildSslContext(NettySslContextFactory.java:58) [mockserver-netty-jar-with-dependencies.jar:na]
at org.mockserver.socket.tls.NettySslContextFactory.createServerSslContext(NettySslContextFactory.java:46) [mockserver-netty-jar-with-dependencies.jar:na]

Any help is appreciated.

jamesdbloom commented 5 years ago

The intention of the values:

mockserver.certificateAuthorityPrivateKey
mockserver.certificateAuthorityCertificate

is for user-supplied files, i.e. files that already exist.

I also notice you have the wrong capitalization in mockserver.CertificateAuthorityCertificate; this should be mockserver.certificateAuthorityCertificate.

I believe, from your question, you want to retrieve files that have been autogenerated by MockServer. I have therefore added an additional property

mockserver.directoryToSaveDynamicSSLCertificate

This is a directory you specify where the certificate files are generated. In addition, I have added a log event (at DEBUG level) that outputs the file path when the files are created to help debugging. The files are created with the following file patterns:

"MockServerCertificate" + randomUUID + ".pem"
"MockServerPrivateKey" + randomUUID + ".pem"

This new code is available in the latest SNAPSHOT version. Unfortunately, I just did a release yesterday so I would likely do another release for a couple of weeks. Using the SNAPSHOT version is documented: http://mock-server.com/where/maven_central.html#sonatype_snapshot

I am going to close this issue because I believe this should now be resolved for you. If you have more questions either add an additional comment here (as I'll receive an email) or open a new issue.
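The two points raised in the reply above (property-name capitalization, and CA files that must already exist in the container) can be checked before starting MockServer. The following is an added example, not part of the thread or of MockServer's code; the function names are hypothetical, the key list contains only the property names quoted on this page, and the sample input is taken from the question's files.

```python
# Added example (not MockServer code): lint mockserver.properties before start-up.
# Java property keys are case-sensitive, so a lookup under the documented name
# does not find a key written with different capitalization.

# Property names exactly as quoted in this thread; not MockServer's full list.
KNOWN_KEYS = [
    "mockserver.javaKeyStoreFilePath", "mockserver.javaKeyStoreType",
    "mockserver.deleteGeneratedKeyStoreOnExit",
    "mockserver.sslCertificateDomainName",
    "mockserver.sslSubjectAlternativeNameDomains",
    "mockserver.sslSubjectAlternativeNameIps",
    "mockserver.certificateAuthorityPrivateKey",
    "mockserver.certificateAuthorityCertificate",
    "mockserver.directoryToSaveDynamicSSLCertificate",
]
# User-supplied files that must already exist inside the container.
MUST_EXIST = {"mockserver.certificateAuthorityPrivateKey",
              "mockserver.certificateAuthorityCertificate"}

def parse_properties(text):
    """Return {key: value} for key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def lint(properties_text, mounted_paths):
    """Flag wrongly-cased keys and CA file paths missing from the volume mounts."""
    by_lower = {k.lower(): k for k in KNOWN_KEYS}
    findings = []
    for key, value in parse_properties(properties_text).items():
        expected = by_lower.get(key.lower())
        if expected is None:
            continue  # not a key from this thread; nothing to compare against
        if expected != key:
            findings.append(f"case mismatch: {key} should be {expected}")
        if expected in MUST_EXIST and value not in mounted_paths:
            findings.append(f"not mounted: {value} ({key})")
    return findings

# Sample input: lines from the question's mockserver.properties, and the
# container-side targets of the question's docker-compose volumes.
SAMPLE_PROPERTIES = """\
mockserver.sslCertificateDomainName=test.docker.com
mockserver.certificateAuthorityPrivateKey=/opt/mockserver/key.pem
mockserver.CertificateAuthorityCertificate=/opt/mockserver/ca.pem
"""
SAMPLE_MOUNTS = {"/opt/mockserver/key.pem", "/opt/mockserver/ca.pem"}
```

Calling `lint(SAMPLE_PROPERTIES, SAMPLE_MOUNTS)` reports the single capitalization finding for the question's file; passing an empty mount set additionally reports both CA paths as not mounted.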