Wiremock | How to proxy to server that requires mTLS?

Tags: wiremock

I am trying to use wiremock to record requests to a server as well as the resulting responses. I've already managed to do that, but when proxying via wiremock I'm always getting a 401 response stating that the certificate isn't valid. The server requires mTLS. So how can I tell wiremock to use a specific client certificate for the outbound proxy so that I can get an actual response?

In the docs it says that a trust store with the cert needs to be specified:

If you using WireMock as a proxy onto another system which requires client certificate authentication, you will also need to specify a trust store containing the certificate(s).

I tried that but still got the 401.

This seems to set up mTLS between the system under test and wiremock, not outbound wiremock.

This issue states that wiremock cannot provide a certificate when proxying. Does that mean that proxying to an mTLS server is currently practically not possible?

Kind regards, phillip

phillip asked Oct 29 '25 23:10


1 Answer

I had to take the keystore of the client (the one that contains the client cert chain and private key) and set it as the wiremock truststore. Like this:

java -jar wiremock-jre8-standalone-2.35.0.jar {...} --https-truststore C:\clientKeystore.pfx --truststore-password somePassword
phillip answered Nov 02 '25 22:11
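
A pre-flight check for the answer above, as an added example that is not part of the original post or of WireMock: it uses only JDK `KeyStore` APIs to confirm that the PKCS#12 file handed to `--https-truststore` holds a private key entry with a certificate chain, because client certificate authentication needs the private key and a store holding only certificates does not have one. The class name and the `KEYSTORE_PASSWORD` environment variable are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): checks that a PKCS#12 file can act as a client identity.
public class ClientKeystoreCheck {
    public static void main(String[] args) throws Exception {
        String password = System.getenv("KEYSTORE_PASSWORD"); // assumed variable name
        if (args.length != 1 || password == null) {
            System.err.println("set KEYSTORE_PASSWORD, then run: java ClientKeystoreCheck <keystore.pfx>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, password.toCharArray()); // throws IOException on a wrong password
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (!ks.isKeyEntry(alias) || chain == null || chain.length == 0) {
                // Certificate-only entries establish trust but cannot authenticate a client.
                System.out.println(alias + ": no private key with chain, not usable for mTLS");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            try {
                leaf.checkValidity(); // rejects expired or not-yet-valid certificates
            } catch (CertificateException e) {
                System.out.println(alias + ": leaf certificate outside validity period: " + e.getMessage());
                continue;
            }
            System.out.println(alias + ": private key present, chain length " + chain.length);
            System.out.println("  subject: " + leaf.getSubjectX500Principal().getName());
            System.out.println("  issuer:  " + leaf.getIssuerX500Principal().getName());
            System.out.println("  expires: " + leaf.getNotAfter());
            usable++;
        }
        if (usable == 0) {
            System.err.println("No usable client identity found in " + args[0]);
            System.exit(1);
        }
    }
}
```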