10.0 SSL handshaking

Amit Gupta edited this page Dec 29, 2016 · 1 revision

Stubmatic supports both 1 way and 2 way SSL handshaking.

1 way SSL handshaking

Step 1

For 1 way SSL handshaking, or to access Stubmatic over HTTPS, you need to generate an SSL key and certificate for the server. For this you first need a CA that can sign the server's certificate request. So let's first generate the required CA certificates:

openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
#openssl x509 -in ca.crt -text -noout

Now generate the server key

# 2048-bit RSA key; 1024-bit keys are too weak for TLS
openssl genrsa -out server.key 2048

And create a certificate signing request for the CA, which will sign it and give the certificate back:

openssl req -new -key server.key -out server.csr

Since we have already generated the necessary CA certificates, let's sign the request and create the server certificate:

openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365
#openssl x509 -in server.crt -text -noout

Note: While generating server.csr, it will ask for a CN (Common Name). It should be the hostname or IP address the client wants to connect to. Remember that www.google.com and google.com are treated as different CN names. However, you can use *.google.com. If you are testing locally, it is better to use localhost.

Step 2

Create a truststore folder in your Stubmatic project. Copy server.key and server.crt into the truststore folder.

You can have a look at the sample demo application for a better understanding.

Step 3

Use it. Since it is a self-signed certificate, the browser will give you a warning and ask you to accept the CA certificate. Go for that.

If you are accessing Stubmatic from some application, add ca.crt, which was used to generate server.crt above, to your application's truststore. And you are done.

If you are using file-based configuration, you need to specify them in the config file.

  "server": {
    "port": 9999
    ,"securePort" : 8000 #https port
    ,"mutualSSL" : true #for 2 way SSL handshaking
    ,"ca" : ["truststore/ca/clientca.crt"] #for 2 way SSL handshaking
    ,"key" : "truststore/server.key"
    ,"cert" : "truststore/server.crt"
  }

2 way SSL handshaking or Mutual SSL handshaking

In 2 way SSL handshaking, the server also needs to verify the client. So generate the client's key and certificate for your project and sign them using some CA certificates as we did above. Now put this certificate into the truststore/ca folder. Stubmatic will automatically add it to its truststore.
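
The client-side steps described above, scripted as an added example (not part of the original page or the Stubmatic project). The file names, the subject names and the choice to place the signing CA's certificate at `truststore/ca/clientca.crt` (the path used in the config above) are assumptions.

```shell
#!/bin/sh
# Added example. clientca.*, client.* and the subject names are constructed.
# Usage: make_client_material <stubmatic-project-dir>
make_client_material() (
    project=$1
    mkdir -p "$project/truststore/ca" && cd "$project" &&

    # 1. CA that signs client certificates. The page protects its CA key with
    #    -des3; it is left out here only so the script runs unattended.
    openssl genrsa -out clientca.key 2048 &&
    openssl req -new -x509 -days 365 -key clientca.key -out clientca.crt \
        -subj "/CN=Demo Client CA" &&

    # 2. Client key and certificate signing request.
    openssl genrsa -out client.key 2048 &&
    openssl req -new -key client.key -out client.csr -subj "/CN=demo-client" &&

    # 3. Sign the request with the client CA.
    openssl x509 -req -in client.csr -out client.crt \
        -CA clientca.crt -CAkey clientca.key -CAcreateserial -days 365 &&

    # 4. Check the chain, and that the certificate belongs to the private key.
    openssl verify -CAfile clientca.crt client.crt &&
    cert_pub=$(openssl x509 -in client.crt -noout -pubkey) &&
    key_pub=$(openssl pkey -in client.key -pubout) &&
    [ "$cert_pub" = "$key_pub" ] &&

    # 5. Only the CA certificate is given to the server (assumed layout);
    #    client.key never leaves the client.
    cp clientca.crt truststore/ca/clientca.crt
)

# A client can then verify the server against ca.crt and present its own
# certificate (8000 is the securePort from the config above):
#   curl --cacert ca.crt --cert client.crt --key client.key https://localhost:8000/
```

The function returns non-zero if any step fails, including the chain check and the key/certificate match.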

Testing

Stubmatic uses a self-signed certificate to start the HTTPS server. So if you access it in a browser, it may give you a "Your connection is not private" warning. Accept the certificate and go ahead with your testing.

If you use the wget command, you will have to use the --no-check-certificate option.

If you use the curl command, you will have to use the -k option.