MockMotor lets you set its certificate without a reboot.
By default, MockMotor listens on two ports: plain HTTP 7080 and HTTPS 7081.
The HTTPS port presents a self-signed certificate:
This is sufficient for many tests.
However, it may require you to suppress the certificate checking in the applications that use MockMotor or use the plain HTTP port. Both options are not ideal.
Settings for Certificate
Luckily, MockMotor lets you provide your own certificate, signed with a CA trusted in your organization.
The certificate is configured on the Settings page (
Only admins can see and edit the certificate, and it is only available if an HTTPS port is configured:
HOWTO: Setting a Trusted Cert
Obtain a Signed Certificate from CA
First, you need to obtain the new certificate from a CA (Certificate Authority) that is trusted in your organization.
It may be a public CA, such as Entrust, or an internal CA providing certificates for internal services.
The certificate must come with a paired private key. If the private key is encrypted, you should also receive a password for it.
The certificate and the private key can come in a number of various formats (PEM, PCS12, JKS, …). MockMotor, however, can only read PEM.
PEM format is textual and looks like this:
-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIAxYKF4qXbIYCAggA MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHdLh8N2mmcQBIIEyJY3VWHbzOQT ... more lines here ... -----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE----- MIIDcTCCAlmgAwIBAgIEexqQLTANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJD QTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xEjAQBgNVBAoTCU1vY2tN ... more lines here ... -----END CERTIFICATE-----
Convert the Certificate and Private Key to PEM Format
If you’ve got the key pair in PEM, good for you!
If not, the specific utilities to use to convert the key pair to PEM and their commands differ depending on the source keystore format. You’ll have to research this step on your own.
The end result should be two or more files in PEM format as above.
Login as Admin
Only admins can change the instance certificate, so you have to login as an admin first.
Navigate to Settings Page
Make sure the HTTPS port is configured - no point in providing a certificate if MockMotor doesn’t listen on the HTTPS port.
Optional Pre-Caution: Enable the Plain HTTP Port
If you only have HTTPS port enabled and make a mistake configuring the certificates, the HTTPS port - the only port - is broken
and cannot be used. You’ll then have to log into the box where MockMotor is located, backup and update the
mockmotor.config.xml manually, restart MockMotor and start the procedure again.
To avoid that, you may want to enable the plain HTTP port before any changes. This way, if you make a mistake, you can point your browser to plain HTTP port and correct the mistake. The obvious downside of this is that your cookie can be intercepted. Use your judgement.
Paste the Private Key
First things first - paste the PEM-formatted private key into the
Private Key and Certificate field.
Make sure you preserved the key boundaries - the lines with
--- BEGIN ... and
--- END ....
If the private key is encrypted (
BEGIN ENCRYPTED PRIVATE KEY), enter the password into the
Private Key Password field:
Paste the Certificate (or Certificates)
Now add every certificate you’ve received. You may have only one certificate, but more likely, you’ve got a certificate chain - a number of certificates, each of which signs the next one in the chain. You need to add each of them to MockMotor.
Copy each of the certificates in PEM format and paste it into the same
Private Key and Certificate field, after the private key:
Repeat until all certificates are added to the field.
Save the Settings
Click on the
If you provided an incorrect private key password, the encryption APIs would give you a cryptic message, like below:
Double-check you’ve used the correct password then.
If the saving was successful, MockMotor tries to reload the page to point to the HTTPS port with the new certificate.
If everything is right, you see a nice lock sign next to the URL.
Inspect the certificate information to confirm the change was successful.