Wiki: Add HTTPS usage inside Docker #301

Closed
opened 2025-12-29 15:20:14 +01:00 by adam · 5 comments
Owner

Originally created by @winseros on GitHub (Oct 9, 2020).

Greetings.

Some history. We use WireMock to run our unit tests inside Docker. The other day we had to mock a service whose official client library was nailed to work through HTTPS only. Trying to make an HTTPS mock through WireMock, we were surprised it worked nicely on Windows, but inside Docker we were receiving SSL validation errors at connection time.

The reasons behind the behavior are WireMock-Net/WireMock.Net#379, where support for the default aspnetcore development certificates was added,
and https://github.com/dotnet/aspnetcore/issues/7246, which prevents default dev certificates from being trusted on Linux / Docker.

There is a way to make WireMock run trusted HTTPS inside Docker I'd like to share.

  1. Create the localhost.conf file with the following content:

    [ req ]
    default_bits       = 2048
    default_keyfile    = localhost.key
    distinguished_name = req_distinguished_name
    req_extensions     = req_ext
    x509_extensions    = v3_ca
    
    [ req_distinguished_name ]
    commonName         = Common Name (e.g. server FQDN or YOUR name)
    
    [ req_ext ]
    subjectAltName = @alt_names
    
    [ v3_ca ]
    subjectAltName = @alt_names
    basicConstraints = critical, CA:false
    keyUsage = keyCertSign, cRLSign, digitalSignature,keyEncipherment
    extendedKeyUsage = 1.3.6.1.5.5.7.3.1
    1.3.6.1.4.1.311.84.1.1 = DER:01
    
    [ alt_names ]
    DNS.1   = localhost
    # IP addresses belong in an IP entry so they are emitted as iPAddress SANs
    IP.1    = 127.0.0.1
    

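     Note the `1.3.6.1.4.1.311.84.1.1 = DER:01` line: it is critical for aspnet for [recognizing](https://github.com/dotnet/aspnetcore/blob/c75b3f7a2fb9fe21fd96c93c070fdfa88a2fbe97/src/Shared/CertificateGeneration/CertificateManager.cs#L81) the cert.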

  2. Generate the cert:

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -config localhost.conf -subj /CN=localhost
    openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt -passout pass:
    
  3. Grab the localhost.pfx and localhost.crt and throw them into the target system. In the case of Docker, that would look like this:

    COPY localhost.crt /usr/local/share/ca-certificates/
    RUN dotnet dev-certs https --clean \
        && update-ca-certificates
    COPY localhost.pfx /root/.dotnet/corefx/cryptography/x509stores/my/
    
  4. Profit. The system has the aspnetcore dev cert trusted.

Ideally I'd like those 4 steps to be added into the project Wiki so others won't have to spend all the time I did to find a solution.

Best regards.

adam added the doc label 2025-12-29 15:20:14 +01:00
adam closed this issue 2025-12-29 15:20:14 +01:00
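
A check that can be run between steps 2 and 3 of the issue above, before the certificate is copied into the image's CA bundle (added example, not part of the original issue or of WireMock.Net; `make_dev_cert` and `check_dev_cert` are hypothetical helper names). It regenerates the certificate from the posted config with a caller-supplied second SAN line and confirms the result is a non-CA leaf that carries the ASP.NET Core OID and matches `localhost` and, as an IP address, `127.0.0.1`.

```sh
#!/bin/sh
# Added example; make_dev_cert and check_dev_cert are hypothetical helper names.

# Write the config from step 1 with a caller-chosen second SAN entry, then
# run the `openssl req` command from step 2. $1 = output dir, $2 = SAN line.
make_dev_cert() {
    cat > "$1/localhost.conf" <<EOF
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
x509_extensions    = v3_ca

[ req_distinguished_name ]
commonName         = Common Name (e.g. server FQDN or YOUR name)

[ v3_ca ]
subjectAltName = @alt_names
basicConstraints = critical, CA:false
keyUsage = keyCertSign, cRLSign, digitalSignature, keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
1.3.6.1.4.1.311.84.1.1 = DER:01

[ alt_names ]
DNS.1 = localhost
$2
EOF
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$1/localhost.key" -out "$1/localhost.crt" \
        -config "$1/localhost.conf" -subj /CN=localhost 2>/dev/null
}

# Print every property the certificate fails; return non-zero if any failed.
# $1 = path to the PEM certificate.
check_dev_cert() {
    rc=0
    text=$(openssl x509 -in "$1" -noout -text)
    printf '%s\n' "$text" | grep -qF 'CA:FALSE' \
        || { echo "FAIL: not marked CA:FALSE"; rc=1; }
    printf '%s\n' "$text" | grep -qF '1.3.6.1.4.1.311.84.1.1' \
        || { echo "FAIL: ASP.NET dev-cert OID missing"; rc=1; }
    openssl x509 -in "$1" -noout -checkhost localhost | grep -q 'does match' \
        || { echo "FAIL: localhost not matched"; rc=1; }
    openssl x509 -in "$1" -noout -checkip 127.0.0.1 | grep -q 'does match' \
        || { echo "FAIL: 127.0.0.1 not matched as an IP SAN"; rc=1; }
    return $rc
}
```

Called with `DNS.2 = 127.0.0.1` as the second argument, the last check fails because OpenSSL's IP matching only considers iPAddress SAN entries; `IP.1 = 127.0.0.1` passes all four checks.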

@StefH commented on GitHub (Oct 10, 2020):

Hello @winseros,

I can surely add this to the docker wiki: https://github.com/WireMock-Net/WireMock.Net-docker/wiki

However wouldn't it be a better idea to apply this fix to the Linux docker image, so that by default the https works?

(And can you describe the error when this is not applied?)


@winseros commented on GitHub (Oct 11, 2020):

Hello. I'm not sure if the issue is a case of WireMock.Net-docker. I probably should have called the issue "Linux" instead of "Docker".

I made a demo project to show the details:
https://github.com/winseros/wiremock.net-https-demo-project

In short, there is a 3rd party HTTPClient library, hardcoded to work only through https (so you can't use HTTP for tests). In order to make WireMock HTTPS tests work, on Windows it is enough to run dotnet dev-certs https --trust, but on Linux or in Docker you have to run the commands from https://github.com/WireMock-Net/WireMock.Net-docker/issues/26#issue-718565995


@StefH commented on GitHub (Oct 11, 2020):

OK. I see.

I did add your information to this page:
https://github.com/WireMock-Net/WireMock.Net/wiki/Using-HTTPS-(SSL)

Can you verify it's correct?


@winseros commented on GitHub (Oct 11, 2020):

That's correct. Thank you!


@StefH commented on GitHub (Oct 11, 2020):

Hello @winseros; thank you very much for researching the issue + solution.


Reference: starred/WireMock.Net-wiremock#301