diff --git a/Settings.md b/Settings.md index 1cb3696..096c9b1 100644 --- a/Settings.md +++ b/Settings.md @@ -22,9 +22,22 @@ Allow the usage of CSharpCodeMatcher, default is not allowed because it can be d ### CertificateSettings By default, the .NETStandard version from WireMock.Net can use the default .NET self-signed development certificate. See [HTTPS-SSL](https://github.com/WireMock-Net/WireMock.Net/wiki/Using-HTTPS-%28SSL%29#net-standard--net-core) for more info. -However, it's also possible to use your own certificate, which can use defined in the Certificate Store or in a `.pfx` file. +However, it's also possible to use your own certificate by configuring appropriate values for the `CertificateSettings`. +The following methods are supported: + +- Using the Certificate Store +- Loading a PFX certificate from the file system +- Utilizing an in-memory `X509Certificate2` instance + +Note that: +- X509StoreName and X509StoreLocation should be defined +- OR +- X509CertificateFilePath and X509CertificatePassword should be defined +- OR +- X509Certificate should be defined + +#### SSL Certficate from Certificate Store -To configure this you need to define the correct values for the `CertificateSettings`. See example below: ``` c# var server = WireMockServer.Start(new WireMockServerSettings { @@ -33,12 +46,9 @@ var server = WireMockServer.Start(new WireMockServerSettings { X509StoreName = "My", X509StoreLocation = "CurrentUser", - X509StoreThumbprintOrSubjectName = "FE16586076A8B3F3E2F1466803A6C4C7CA35455B" // This can be a Thumbprint, SubjectName or null - - // X509CertificateFilePath = "example.pfx", - // X509CertificatePassword = "wiremock" + // X509StoreThumbprintOrSubjectName can be a Thumbprint, SubjectName or null + X509StoreThumbprintOrSubjectName = "FE16586076A8B3F3E2F1466803A6C4C7CA35455B" } - }); ``` 
@@ -46,19 +56,48 @@ Where * `X509StoreName` = The Certificate StoreName. One of: AddressBook, AuthRoot, CertificateAuthority, My, Root, TrustedPeople, TrustedPublisher. * `X509StoreLocation` = The Certificate StoreLocation. Can be CurrentUser or LocalMachine. * `X509StoreThumbprintOrSubjectName` = This can be the Certifcate Thumbprint, Certifcate SubjectName or null. If it's null, the first match on the hostname Certicate is used. -* `X509CertificateFilePath` = The full path to the X509Certificate2 `.pfx` file -* `X509CertificatePassword` = The password for the X509Certificate2 `.pfx` file -Note that: -- X509StoreName and X509StoreLocation should be defined -- OR -- X509CertificateFilePath and X509CertificatePassword should be defined +#### SSL Certficate from the file system + +``` c# +var server = WireMockServer.Start(new WireMockServerSettings +{ + Urls = new[] { "https://localhost:8443" }, + CertificateSettings = new WireMockCertificateSettings + { + X509CertificateFilePath = "example.pfx", + X509CertificatePassword = "wiremock" + } +}); +``` + +Where +* `X509CertificateFilePath` = The full path to the X509Certificate2 `.pfx` or `.pem` file +* `X509CertificatePassword` = The password or key for the X509Certificate2 file. This can be null if the certificate does not require a password. + +#### SSL Certificate from in-memory X509Certificate2 + +``` c# +// GetSSLCertificate is used to represent any way to load a certificate, for example from Azure KeyVault. 
+X509Certificate2 sslCertificate = GetSSLCertificate(); + +var server = WireMockServer.Start(new WireMockServerSettings +{ + Urls = new[] { "https://localhost:8443" }, + CertificateSettings = new WireMockCertificateSettings + { + X509Certificate = sslCertificate + } +}); +``` + +#### Additional SSL Certificate Resources 📝 See also these links on how to generate a EC or RSA - https://www.scottbrady91.com/openssl/creating-elliptical-curve-keys-using-openssl - https://www.scottbrady91.com/openssl/creating-rsa-keys-using-openssl -- https://github.com/WireMock-Net/WireMock.Net/tree/master/examples/WireMock.Net.Console.NET6.WithCertificate +- https://github.com/WireMock-Net/WireMock.Net/tree/master/examples/WireMock.Net.Console.NET6.WithCertificate ### ProxyAndRecordSettings You can enable ProxyAndRecord functionality by defining the *ProxyAndRecordSettings* and by specifying an Url. See code example below.
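Review bot: In the first hunk (`@@ -22,9 +22,22 @@`), the new "Note that" list says which property groups "should be defined" but not what happens when more than one group is set, for example `X509Certificate` together with `X509CertificateFilePath`. State whether that is rejected or which source takes precedence, so a reader cannot end up serving a different certificate than the one they intended. The `- OR` entries are written as list items and will render as bullets of their own; a lead-in sentence followed by the three options, with "or" between them, would read better. The new heading `#### SSL Certficate from Certificate Store` misspells "Certificate".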
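Review bot: In the second hunk (`@@ -46,19 +56,48 @@`), the description of `X509CertificatePassword` as "The password or key for the X509Certificate2 file" is ambiguous for the newly mentioned `.pem` case. Say what "key" means there (the private key content or a path to a key file), and consider a `.pem` example beside the `.pfx` one, since the only sample uses `example.pfx`. The sample also passes the password as a literal (`X509CertificatePassword = "wiremock"`); a short remark that real values should be read from configuration or a secret store rather than from source would be worth adding. For the in-memory section, mention that the `X509Certificate2` returned by `GetSSLCertificate()` has to include its private key to be usable as a server certificate. The heading `#### SSL Certficate from the file system` repeats the "Certficate" typo, and the context line for `X509StoreThumbprintOrSubjectName` still reads "Certifcate" and "Certicate".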