Main in the middle certificate generation does not work with Java 25

[semyon-levin-workato]

Proposal

WireMock fails with the following exception:

com.github.tomakehurst.wiremock.http.ssl.CertificateGenerationUnsupportedException: Your runtime does not support generating certificates at runtime
	at com.github.tomakehurst.wiremock.http.ssl.CertificateAuthority.generateCertificateAuthority(CertificateAuthority.java:73)
	at com.github.tomakehurst.wiremock.jetty11.SslContexts.buildKeyStore(SslContexts.java:136)
	at com.github.tomakehurst.wiremock.jetty11.SslContexts.buildSslContextFactory(SslContexts.java:85)
	at com.github.tomakehurst.wiremock.jetty11.SslContexts.buildManInTheMiddleSslContextFactory(SslContexts.java:61)
	at com.github.tomakehurst.wiremock.jetty12.Jetty12HttpServer.applyAdditionalServerConfiguration(Jetty12HttpServer.java:150)
	at com.github.tomakehurst.wiremock.jetty.JettyHttpServer.<init>(JettyHttpServer.java:99)
	at com.github.tomakehurst.wiremock.jetty12.Jetty12HttpServer.<init>(Jetty12HttpServer.java:74)
	at com.github.tomakehurst.wiremock.jetty12.Jetty12HttpServerFactory.buildHttpServer(Jetty12HttpServerFactory.java:33)
	at com.github.tomakehurst.wiremock.WireMockServer.<init>(WireMockServer.java:75)
    [... our code ...]
 [73 skipped]
Caused by: java.lang.IllegalAccessError: class com.github.tomakehurst.wiremock.http.ssl.CertificateAuthority (in unnamed module @0x30f39991) cannot access class sun.security.x509.KeyIdentifier (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @0x30f39991
	at com.github.tomakehurst.wiremock.http.ssl.CertificateAuthority.certificateAuthorityExtensions(CertificateAuthority.java:88)
	at com.github.tomakehurst.wiremock.http.ssl.CertificateAuthority.generateCertificateAuthority(CertificateAuthority.java:58)
	... 84 common frames omitted

Reproduction steps

We use wiremock-jetty12 version 3.13.2

We start WireMock like this:

var config = WireMockConfiguration.wireMockConfig()
    .dynamicPort()
    .enableBrowserProxying(true);
var server = new WireMockServer(config);
server.start();

References

No response

[itkhanz]

Also faced the same issue on Java 25

java -jar wiremock-standalone-3.13.2.jar --enable-browser-proxying
throws following error

2026-05-04 20:56:38.230 Unable to generate a certificate authority
com.github.tomakehurst.wiremock.http.ssl.CertificateGenerationUnsupportedException: Your runtime does not support generating certificates at runtime
	at com.github.tomakehurst.wiremock.http.ssl.CertificateAuthority.generateCertificateAuthority(CertificateAuthority.java:73)
	at com.github.tomakehurst.wiremock.jetty11.SslContexts.buildKeyStore(SslContexts.java:136)
	at com.github.tomakehurst.wiremock.jetty11.SslContexts.buildSslContextFactory(SslContexts.java:85)
	at com.github.tomakehurst.wiremock.jetty11.SslContexts.buildManInTheMiddleSslContextFactory(SslContexts.java:61)
	at com.github.tomakehurst.wiremock.jetty11.Jetty11HttpServer.applyAdditionalServerConfiguration(Jetty11HttpServer.java:152)
	at com.github.tomakehurst.wiremock.jetty.JettyHttpServer.<init>(JettyHttpServer.java:99)
	at com.github.tomakehurst.wiremock.jetty11.Jetty11HttpServer.<init>(Jetty11HttpServer.java:76)
	at com.github.tomakehurst.wiremock.jetty.JettyHttpServerFactory.buildHttpServer(JettyHttpServerFactory.java:28)
	at com.github.tomakehurst.wiremock.WireMockServer.<init>(WireMockServer.java:75)
	at com.github.tomakehurst.wiremock.standalone.WireMockServerRunner.run(WireMockServerRunner.java:71)
	at wiremock.Run.main(Run.java:23)
Caused by: java.lang.NoSuchMethodError: 'void sun.security.x509.CertificateExtensions.set(java.lang.String, java.lang.Object)'
	at com.github.tomakehurst.wiremock.http.ssl.CertificateAuthority.certificateAuthorityExtensions(CertificateAuthority.java:91)
	at com.github.tomakehurst.wiremock.http.ssl.CertificateAuthority.generateCertificateAuthority(CertificateAuthority.java:58)
	... 10 more

Navigating to http://localhost:8080/__admin/certs/wiremock-ca.crt returns error:-

Failed to export certificate authority cert from /$HOME/.wiremock/ca-keystore.jks

Could you please let us know when this fix #3354 will be released or is there any alternative workaround to manually/automatically generate certificate via running standalone process or java code?

[leeturner]

The bouncy castle PR was merged and released as Wiremock 4 beta 34 - https://wiremock.org/docs/download-and-installation/#4x-beta-release-downloads

Could you try again using beta 34 with java 25.