org.mockserver.configuration

Class ConfigurationProperties

java.lang.Object

org.mockserver.configuration.ConfigurationProperties

public class ConfigurationProperties
extends Object

Author:

jamesdbloom

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_CERTIFICATE_AUTHORITY_PRIVATE_KEY
static String	DEFAULT_CERTIFICATE_AUTHORITY_X509_CERTIFICATE
static Properties	PROPERTIES

Constructor Summary

Constructors

Constructor and Description
ConfigurationProperties()

Method Summary

Modifier and Type	Method and Description
static int	actionHandlerThreadCount()
static void	actionHandlerThreadCount(int count) Number of threads for the action handler thread pool
static boolean	alwaysCloseSocketConnections()
static void	alwaysCloseSocketConnections(boolean alwaysClose) If true socket connections will always be closed after a response is returned, if false connection is only closed if request header indicate connection should be closed.
static boolean	attemptToProxyIfNoMatchingExpectation()
static void	attemptToProxyIfNoMatchingExpectation(boolean enable) If true (the default) when no matching expectation is found, and the host header of the request does not match MockServer's host, then MockServer attempts to proxy the request if that fails then a 404 is returned.
static String	certificateAuthorityCertificate()
static void	certificateAuthorityCertificate(String certificateAuthorityCertificate) File system path or classpath location of custom X.509 Certificate for Certificate Authority for TLS, the certificate must be a X509 PEM file and must match the certificateAuthorityPrivateKey
static String	certificateAuthorityPrivateKey()
static void	certificateAuthorityPrivateKey(String certificateAuthorityPrivateKey) File system path or classpath location of custom Private Key for Certificate Authority for TLS, the private key must be a PKCS#8 or PKCS#1 PEM file and must match the certificateAuthorityCertificate To convert a PKCS#1 (i.e.
static int	clientNioEventLoopThreadCount()
static void	clientNioEventLoopThreadCount(int count) Client Netty worker thread pool size for handling requests and response.
static String	controlPlaneJWTAuthenticationExpectedAudience()
static void	controlPlaneJWTAuthenticationExpectedAudience(String controlPlaneJWTAuthenticationExpectedAudience) Audience claim (i.e.
static String	controlPlaneJWTAuthenticationJWKSource()
static void	controlPlaneJWTAuthenticationJWKSource(String controlPlaneJWTAuthenticationJWKSource) JWK source used when JWT authentication is enabled for control plane requests
static Map<String,String>	controlPlaneJWTAuthenticationMatchingClaims()
static void	controlPlaneJWTAuthenticationMatchingClaims(Map<String,String> controlPlaneJWTAuthenticationMatchingClaims) Matching claims expected when JWT authentication is enabled for control plane requests
static boolean	controlPlaneJWTAuthenticationRequired()
static void	controlPlaneJWTAuthenticationRequired(boolean enable) Require JWT authentication for all control plane requests
static Set<String>	controlPlaneJWTAuthenticationRequiredClaims()
static void	controlPlaneJWTAuthenticationRequiredClaims(Set<String> controlPlaneJWTAuthenticationRequiredClaims) Required claims that should exist (i.e.
static String	controlPlanePrivateKeyPath()
static void	controlPlanePrivateKeyPath(String privateKeyPath) File system path or classpath location of a fixed custom private key for control plane connections using mTLS for authentication.
static String	controlPlaneTLSMutualAuthenticationCAChain()
static void	controlPlaneTLSMutualAuthenticationCAChain(String trustCertificateChain) File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for control plane mTLS authentication
static boolean	controlPlaneTLSMutualAuthenticationRequired()
static void	controlPlaneTLSMutualAuthenticationRequired(boolean enable) Require mTLS (also called client authentication and two-way TLS) for all control plane requests
static String	controlPlaneX509CertificatePath()
static void	controlPlaneX509CertificatePath(String x509CertificatePath) File system path or classpath location of a fixed custom X.509 Certificate for control plane connections using mTLS for authentication.
static boolean	corsAllowCredentials()
static void	corsAllowCredentials(boolean allow) The value used for CORS in the access-control-allow-credentials header.
static String	corsAllowHeaders()
static void	corsAllowHeaders(String corsAllowHeaders) the value used for CORS in the access-control-allow-headers and access-control-expose-headers headers.
static String	corsAllowMethods()
static void	corsAllowMethods(String corsAllowMethods) The value used for CORS in the access-control-allow-methods header.
static String	corsAllowOrigin()
static void	corsAllowOrigin(String corsAllowOrigin) the value used for CORS in the access-control-allow-origin header.
static int	corsMaxAgeInSeconds()
static void	corsMaxAgeInSeconds(int ageInSeconds) The value used for CORS in the access-control-max-age header.
static boolean	detailedMatchFailures()
static void	detailedMatchFailures(boolean enable) If true (the default) the log event recording that a request matcher did not match will include a detailed reason why each non matching field did not match.
static String	directoryToSaveDynamicSSLCertificate()
static void	directoryToSaveDynamicSSLCertificate(String directoryToSaveDynamicSSLCertificate) Directory used to save the dynamically generated Certificate Authority X.509 Certificate and Private Key.
static boolean	disableLogging()
static void	disableLogging(boolean disable) Disable all logging and processing of log events
static boolean	disableSystemOut()
static void	disableSystemOut(boolean disable) Disable printing log to system out for JVM, default is enabled
static boolean	dynamicallyCreateCertificateAuthorityCertificate()
static void	dynamicallyCreateCertificateAuthorityCertificate(boolean enable) Enable dynamic creation of Certificate Authority X509 certificate and private key.
static boolean	enableCORSForAllResponses()
static void	enableCORSForAllResponses(boolean enable) Enable CORS for all responses from MockServer, including the REST API and expectation responses
static boolean	enableCORSForAPI()
static void	enableCORSForAPI(boolean enable) Enable CORS for MockServer REST API so that the API can be used for javascript running in browsers, such as selenium
static InetSocketAddress	forwardHttpProxy()
static void	forwardHttpProxy(InetSocketAddress hostAndPort) Use HTTP proxy (i.e.
static void	forwardHttpProxy(String hostAndPort) Use HTTP proxy (i.e.
static InetSocketAddress	forwardHttpsProxy()
static void	forwardHttpsProxy(InetSocketAddress hostAndPort) Use HTTPS proxy (i.e.
static void	forwardHttpsProxy(String hostAndPort) Use HTTPS proxy (i.e.
static String	forwardProxyAuthenticationPassword()
static void	forwardProxyAuthenticationPassword(String forwardProxyAuthenticationPassword) Password for proxy authentication when using HTTPS proxy (i.e.
static String	forwardProxyAuthenticationUsername()
static void	forwardProxyAuthenticationUsername(String forwardProxyAuthenticationUsername) Username for proxy authentication when using HTTPS proxy (i.e.
static String	forwardProxyCertificateChain()
static void	forwardProxyCertificateChain(String certificateChain) File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e.
static String	forwardProxyPrivateKey()
static void	forwardProxyPrivateKey(String privateKey) File system path or classpath location of custom Private Key for proxied TLS connections out of MockServer, the private key must be a PKCS#8 or PKCS#1 PEM file
static String	forwardProxyTLSCustomTrustX509Certificates()
static void	forwardProxyTLSCustomTrustX509Certificates(String customX509Certificates) File system path or classpath location of custom file for trusted X509 Certificate Authority roots for forwarded or proxied requests, the certificate chain must be a X509 PEM file.
static ForwardProxyTLSX509CertificatesTrustManager	forwardProxyTLSX509CertificatesTrustManagerType()
static void	forwardProxyTLSX509CertificatesTrustManagerType(ForwardProxyTLSX509CertificatesTrustManager trustManagerType) Configure trusted set of certificates for forwarded or proxied requests.
static InetSocketAddress	forwardSocksProxy()
static void	forwardSocksProxy(InetSocketAddress hostAndPort) Use SOCKS proxy for all outbound / forwarded requests, support TLS tunnelling of TCP connections
static void	forwardSocksProxy(String hostAndPort) Use SOCKS proxy for all outbound / forwarded requests, support TLS tunnelling of TCP connections
static long	heapAvailableInKB()
static String	initializationClass()
static void	initializationClass(String initializationClass) The class (and package) used to initialize expectations in MockServer at startup, if set MockServer will load and call this class to initialise expectations when is starts.
static String	initializationJsonPath()
static void	initializationJsonPath(String initializationJsonPath) The path to the json file used to initialize expectations in MockServer at startup, if set MockServer will load this file and initialise expectations for each item in the file when is starts.
static String	javaLoggerLogLevel()
static boolean	launchUIForLogLevelDebug()
static void	launchUIForLogLevelDebug(boolean enable) If true (the default) the ClientAndServer constructor will open the UI in the default browser when the log level is set to DEBUG.
static String	livenessHttpGetPath()
static void	livenessHttpGetPath(String livenessPath) Path to support HTTP GET requests for status response (also available on PUT /mockserver/status).
static String	localBoundIP()
static void	localBoundIP(String localBoundIP) The local IP address to bind to for accepting new socket connections
static org.slf4j.event.Level	logLevel()
static void	logLevel(String level) Override the default logging level of INFO
static boolean	matchersFailFast()
static void	matchersFailFast(boolean enable) If true (the default) request matchers will fail on the first non-matching field, if false request matchers will compare all fields.
static int	maxChunkSize()
static void	maxChunkSize(int size) Maximum size of HTTP chunks in request or responses
static int	maxExpectations()
static void	maxExpectations(int count) Maximum number of expectations stored in memory.
static long	maxFutureTimeout()
static void	maxFutureTimeout(long milliseconds) Maximum time allowed in milliseconds for any future to wait, for example when waiting for a response over a web socket callback.
static int	maxHeaderSize()
static void	maxHeaderSize(int size) Maximum size of HTTP request headers
static Integer	maximumNumberOfRequestToReturnInVerificationFailure()
static void	maximumNumberOfRequestToReturnInVerificationFailure(Integer maximumNumberOfRequestToReturnInVerification) The maximum number of requests to return in verification failure result, if more expectations are found the failure result does not list them separately
static int	maxInitialLineLength()
static void	maxInitialLineLength(int length) Maximum size of the first line of an HTTP request
static int	maxLogEntries()
static void	maxLogEntries(int count) Maximum number of log entries stored in memory.
static long	maxSocketTimeout()
static void	maxSocketTimeout(long milliseconds) Maximum time in milliseconds allowed for a response from a socket
static int	maxWebSocketExpectations()
static void	maxWebSocketExpectations(int count) Maximum number of remote (not the same JVM) method callbacks (i.e.
static String	memoryUsageCsvDirectory()
static void	memoryUsageCsvDirectory(String directory) Directory to output JVM memory usage metrics CSV files to when outputMemoryUsageCsv enabled
static boolean	metricsEnabled()
static void	metricsEnabled(boolean enable) Enable gathering of metrics, default is false
static int	nioEventLoopThreadCount()
static void	nioEventLoopThreadCount(int count) Netty worker thread pool size for handling requests and response.
static boolean	outputMemoryUsageCsv()
static void	outputMemoryUsageCsv(boolean enable) Output JVM memory usage metrics to CSV file periodically called memoryUsage_<yyyy-MM-dd>.csv
static String	persistedExpectationsPath()
static void	persistedExpectationsPath(String persistedExpectationsPath) The file path used to save persisted expectations as json, which is updated whenever the expectation state is updated (i.e.
static boolean	persistExpectations()
static void	persistExpectations(boolean enable) Enable the persisting of expectations as json, which is updated whenever the expectation state is updated (i.e.
static boolean	preventCertificateDynamicUpdate()
static void	preventCertificateDynamicUpdate(boolean prevent) Prevent certificates from dynamically updating when domain list changes
static String	privateKeyPath()
static void	privateKeyPath(String privateKeyPath) File system path or classpath location of a fixed custom private key for TLS connections into MockServer.
static boolean	proactivelyInitialiseTLS()
static void	proactivelyInitialiseTLS(boolean enable) Proactively initialise TLS during start to ensure that if dynamicallyCreateCertificateAuthorityCertificate is enabled the Certificate Authority X.509 Certificate and Private Key will be created during start up and not when the first TLS connection is received.
static String	proxyAuthenticationPassword()
static void	proxyAuthenticationPassword(String proxyAuthenticationPassword) The required password for proxy authentication to MockServer
static String	proxyAuthenticationRealm()
static void	proxyAuthenticationRealm(String proxyAuthenticationRealm) The authentication realm for proxy authentication to MockServer
static String	proxyAuthenticationUsername()
static void	proxyAuthenticationUsername(String proxyAuthenticationUsername) The required username for proxy authentication to MockServer
static long	socketConnectionTimeout()
static void	socketConnectionTimeout(long milliseconds) Maximum time in milliseconds allowed to connect to a socket
static String	sslCertificateDomainName()
static void	sslCertificateDomainName(String domainName) The domain name for auto-generate TLS certificates
static Set<String>	sslSubjectAlternativeNameDomains()
static void	sslSubjectAlternativeNameDomains(Set<String> sslSubjectAlternativeNameDomains) The Subject Alternative Name (SAN) domain names for auto-generate TLS certificates as a comma separated list
static Set<String>	sslSubjectAlternativeNameIps()
static void	sslSubjectAlternativeNameIps(Set<String> sslSubjectAlternativeNameIps) The Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates as a comma separated list
static void	temporaryLogLevel(String level, Runnable runnable)
static String	tlsMutualAuthenticationCertificateChain()
static void	tlsMutualAuthenticationCertificateChain(String trustCertificateChain) File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for trusting (i.e.
static boolean	tlsMutualAuthenticationRequired()
static void	tlsMutualAuthenticationRequired(boolean enable) Require mTLS (also called client authentication and two-way TLS) for all TLS connections / HTTPS requests to MockServer
static boolean	useSemicolonAsQueryParameterSeparator()
static void	useSemicolonAsQueryParameterSeparator(boolean useAsQueryParameterSeparator) If true semicolons are treated as a separator for a query parameter string, if false the semicolon is treated as a normal character that is part of a query parameter value.
static boolean	watchInitializationJson()
static void	watchInitializationJson(boolean enable) If enabled the initialization json file will be watched for changes, any changes found will result in expectations being created, remove or updated by matching against their key.
static int	webSocketClientEventLoopThreadCount()
static void	webSocketClientEventLoopThreadCount(int count) Web socket thread pool size for expectations with remote (not the same JVM) method callbacks (i.e.
static String	x509CertificatePath()
static void	x509CertificatePath(String x509CertificatePath) File system path or classpath location of a fixed custom X.509 Certificate for TLS connections into MockServer.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_CERTIFICATE_AUTHORITY_PRIVATE_KEY

public static final String DEFAULT_CERTIFICATE_AUTHORITY_PRIVATE_KEY

See Also:

Constant Field Values

DEFAULT_CERTIFICATE_AUTHORITY_X509_CERTIFICATE

public static final String DEFAULT_CERTIFICATE_AUTHORITY_X509_CERTIFICATE

See Also:

Constant Field Values

PROPERTIES

public static final Properties PROPERTIES

Constructor Detail

ConfigurationProperties

public ConfigurationProperties()

Method Detail

logLevel

public static org.slf4j.event.Level logLevel()

javaLoggerLogLevel

public static String javaLoggerLogLevel()

logLevel

public static void logLevel(String level)

Override the default logging level of INFO

Parameters:

level - the log level, which can be TRACE, DEBUG, INFO, WARN, ERROR, OFF, FINEST, FINE, INFO, WARNING, SEVERE

temporaryLogLevel

public static void temporaryLogLevel(String level,
                                     Runnable runnable)

disableSystemOut

public static boolean disableSystemOut()

disableSystemOut

public static void disableSystemOut(boolean disable)

Disable printing log to system out for JVM, default is enabled

Parameters:

disable - printing log to system out for JVM

disableLogging

public static boolean disableLogging()

disableLogging

public static void disableLogging(boolean disable)

Disable all logging and processing of log events

The default is false

Parameters:

disable - disable all logging

detailedMatchFailures

public static boolean detailedMatchFailures()

detailedMatchFailures

public static void detailedMatchFailures(boolean enable)

If true (the default) the log event recording that a request matcher did not match will include a detailed reason why each non matching field did not match.

Parameters:

enable - enabled detailed match failure log events

launchUIForLogLevelDebug

public static boolean launchUIForLogLevelDebug()

launchUIForLogLevelDebug

public static void launchUIForLogLevelDebug(boolean enable)

If true (the default) the ClientAndServer constructor will open the UI in the default browser when the log level is set to DEBUG.

Parameters:

enable - enabled ClientAndServer constructor launching UI when log level is DEBUG

metricsEnabled

public static boolean metricsEnabled()

metricsEnabled

public static void metricsEnabled(boolean enable)

Enable gathering of metrics, default is false

Parameters:

enable - enable metrics

heapAvailableInKB

public static long heapAvailableInKB()

maxExpectations

public static int maxExpectations()

maxExpectations

public static void maxExpectations(int count)

Maximum number of expectations stored in memory. Expectations are stored in a circular queue so once this limit is reach the oldest and lowest priority expectations are overwritten

The default maximum depends on the available memory in the JVM with an upper limit of 5000

Parameters:

count - maximum number of expectations to store

maxLogEntries

public static int maxLogEntries()

maxLogEntries

public static void maxLogEntries(int count)

Maximum number of log entries stored in memory. Log entries are stored in a circular queue so once this limit is reach the oldest log entries are overwritten.

The default maximum depends on the available memory in the JVM with an upper limit of 60000, but can be overridden using defaultMaxLogEntries

Parameters:

count - maximum number of expectations to store

maxWebSocketExpectations

public static int maxWebSocketExpectations()

maxWebSocketExpectations

public static void maxWebSocketExpectations(int count)

Maximum number of remote (not the same JVM) method callbacks (i.e. web sockets) registered for expectations. The web socket client registry entries are stored in a circular queue so once this limit is reach the oldest are overwritten.

The default is 1500

Parameters:

count - maximum number of method callbacks (i.e. web sockets) registered for expectations

outputMemoryUsageCsv

public static boolean outputMemoryUsageCsv()

outputMemoryUsageCsv

public static void outputMemoryUsageCsv(boolean enable)

Output JVM memory usage metrics to CSV file periodically called memoryUsage_<yyyy-MM-dd>.csv

Parameters:

enable - output of JVM memory metrics

memoryUsageCsvDirectory

public static String memoryUsageCsvDirectory()

memoryUsageCsvDirectory

public static void memoryUsageCsvDirectory(String directory)

Directory to output JVM memory usage metrics CSV files to when outputMemoryUsageCsv enabled

Parameters:

directory - directory to save JVM memory metrics CSV files

nioEventLoopThreadCount

public static int nioEventLoopThreadCount()

nioEventLoopThreadCount

public static void nioEventLoopThreadCount(int count)

Netty worker thread pool size for handling requests and response. These threads are used for fast non-blocking activities such as, reading and de-serialise all requests and responses.

Parameters:

count - Netty worker thread pool size

actionHandlerThreadCount

public static int actionHandlerThreadCount()

actionHandlerThreadCount

public static void actionHandlerThreadCount(int count)

Number of threads for the action handler thread pool

These threads are used for handling actions such as:

• serialising and writing expectation or proxied responses
• handling response delays in a non-blocking way (i.e. using a scheduler)
• executing class callbacks
• handling method / closure callbacks (using web sockets)

Default is maximum of 5 or available processors count

Parameters:

count - Netty worker thread pool size

clientNioEventLoopThreadCount

public static int clientNioEventLoopThreadCount()

clientNioEventLoopThreadCount

public static void clientNioEventLoopThreadCount(int count)

Client Netty worker thread pool size for handling requests and response. These threads handle deserializing and serialising HTTP requests and responses and some other fast logic.

Default is 5 threads

Parameters:

count - Client Netty worker thread pool size

webSocketClientEventLoopThreadCount

public static int webSocketClientEventLoopThreadCount()

webSocketClientEventLoopThreadCount

public static void webSocketClientEventLoopThreadCount(int count)

Web socket thread pool size for expectations with remote (not the same JVM) method callbacks (i.e. web sockets).

Default is 5 threads

Parameters:

count - web socket worker thread pool size

maxFutureTimeout

public static long maxFutureTimeout()

maxFutureTimeout

public static void maxFutureTimeout(long milliseconds)

Maximum time allowed in milliseconds for any future to wait, for example when waiting for a response over a web socket callback.

Default is 60,000 ms

Parameters:

milliseconds - maximum time allowed in milliseconds

matchersFailFast

public static boolean matchersFailFast()

matchersFailFast

public static void matchersFailFast(boolean enable)

If true (the default) request matchers will fail on the first non-matching field, if false request matchers will compare all fields. This is useful to see all mismatching fields in the log event recording that a request matcher did not match.

Parameters:

enable - enabled request matchers failing fast

maxSocketTimeout

public static long maxSocketTimeout()

maxSocketTimeout

public static void maxSocketTimeout(long milliseconds)

Maximum time in milliseconds allowed for a response from a socket

Default is 20,000 ms

Parameters:

milliseconds - maximum time in milliseconds allowed

socketConnectionTimeout

public static long socketConnectionTimeout()

socketConnectionTimeout

public static void socketConnectionTimeout(long milliseconds)

Maximum time in milliseconds allowed to connect to a socket

Default is 20,000 ms

Parameters:

milliseconds - maximum time allowed in milliseconds

alwaysCloseSocketConnections

public static void alwaysCloseSocketConnections(boolean alwaysClose)

If true socket connections will always be closed after a response is returned, if false connection is only closed if request header indicate connection should be closed.

Default is false

Parameters:

alwaysClose - true socket connections will always be closed after a response is returned

alwaysCloseSocketConnections

public static boolean alwaysCloseSocketConnections()

localBoundIP

public static String localBoundIP()

localBoundIP

public static void localBoundIP(String localBoundIP)

The local IP address to bind to for accepting new socket connections

Default is 0.0.0.0

Parameters:

localBoundIP - local IP address to bind to for accepting new socket connections

maxInitialLineLength

public static int maxInitialLineLength()

maxInitialLineLength

public static void maxInitialLineLength(int length)

Maximum size of the first line of an HTTP request

The default is Integer.MAX_VALUE

Parameters:

length - maximum size of the first line of an HTTP request

maxHeaderSize

public static int maxHeaderSize()

maxHeaderSize

public static void maxHeaderSize(int size)

Maximum size of HTTP request headers

The default is Integer.MAX_VALUE

Parameters:

size - maximum size of HTTP request headers

maxChunkSize

public static int maxChunkSize()

maxChunkSize

public static void maxChunkSize(int size)

Maximum size of HTTP chunks in request or responses

The default is Integer.MAX_VALUE

Parameters:

size - maximum size of HTTP chunks in request or responses

useSemicolonAsQueryParameterSeparator

public static void useSemicolonAsQueryParameterSeparator(boolean useAsQueryParameterSeparator)

If true semicolons are treated as a separator for a query parameter string, if false the semicolon is treated as a normal character that is part of a query parameter value.

The default is true

Parameters:

useAsQueryParameterSeparator - true semicolons are treated as a separator for a query parameter string

useSemicolonAsQueryParameterSeparator

public static boolean useSemicolonAsQueryParameterSeparator()

enableCORSForAPI

public static boolean enableCORSForAPI()

enableCORSForAPI

public static void enableCORSForAPI(boolean enable)

Enable CORS for MockServer REST API so that the API can be used for javascript running in browsers, such as selenium

The default is false

Parameters:

enable - CORS for MockServer REST API

enableCORSForAllResponses

public static boolean enableCORSForAllResponses()

enableCORSForAllResponses

public static void enableCORSForAllResponses(boolean enable)

Enable CORS for all responses from MockServer, including the REST API and expectation responses

The default is false

Parameters:

enable - CORS for all responses from MockServer

corsAllowOrigin

public static String corsAllowOrigin()

corsAllowOrigin

public static void corsAllowOrigin(String corsAllowOrigin)

the value used for CORS in the access-control-allow-origin header.

The default is ""

Parameters:

corsAllowOrigin - the value used for CORS in the access-control-allow-methods header

corsAllowMethods

public static String corsAllowMethods()

corsAllowMethods

public static void corsAllowMethods(String corsAllowMethods)

The value used for CORS in the access-control-allow-methods header.

The default is "CONNECT, DELETE, GET, HEAD, OPTIONS, POST, PUT, PATCH, TRACE"

Parameters:

corsAllowMethods - the value used for CORS in the access-control-allow-methods header

corsAllowHeaders

public static String corsAllowHeaders()

corsAllowHeaders

public static void corsAllowHeaders(String corsAllowHeaders)

the value used for CORS in the access-control-allow-headers and access-control-expose-headers headers.

In addition to this default value any headers specified in the request header access-control-request-headers also get added to access-control-allow-headers and access-control-expose-headers headers in a CORS response.

The default is "Allow, Content-Encoding, Content-Length, Content-Type, ETag, Expires, Last-Modified, Location, Server, Vary, Authorization"

Parameters:

corsAllowHeaders - the value used for CORS in the access-control-allow-headers and access-control-expose-headers headers

corsAllowCredentials

public static boolean corsAllowCredentials()

corsAllowCredentials

public static void corsAllowCredentials(boolean allow)

The value used for CORS in the access-control-allow-credentials header.

The default is true

Parameters:

allow - the value used for CORS in the access-control-allow-credentials header

corsMaxAgeInSeconds

public static int corsMaxAgeInSeconds()

corsMaxAgeInSeconds

public static void corsMaxAgeInSeconds(int ageInSeconds)

The value used for CORS in the access-control-max-age header.

The default is 300

Parameters:

ageInSeconds - the value used for CORS in the access-control-max-age header.

initializationClass

public static String initializationClass()

initializationClass

public static void initializationClass(String initializationClass)

The class (and package) used to initialize expectations in MockServer at startup, if set MockServer will load and call this class to initialise expectations when is starts.

The default is null

Parameters:

initializationClass - class (and package) used to initialize expectations in MockServer at startup

initializationJsonPath

public static String initializationJsonPath()

initializationJsonPath

public static void initializationJsonPath(String initializationJsonPath)

The path to the json file used to initialize expectations in MockServer at startup, if set MockServer will load this file and initialise expectations for each item in the file when is starts.

The expected format of the file is a JSON array of expectations, as per the REST API format

Parameters:

initializationJsonPath - path to the json file used to initialize expectations in MockServer at startup

watchInitializationJson

public static boolean watchInitializationJson()

watchInitializationJson

public static void watchInitializationJson(boolean enable)

If enabled the initialization json file will be watched for changes, any changes found will result in expectations being created, remove or updated by matching against their key.

If duplicate keys exist only the last duplicate key in the file will be processed and all duplicates except the last duplicate will be removed.

The order of expectations in the file is the order in which they are created if they are new, however, re-ordering existing expectations does not change the order they are matched against incoming requests.

The default is false

Parameters:

enable - if enabled the initialization json file will be watched for changes

persistExpectations

public static boolean persistExpectations()

persistExpectations

public static void persistExpectations(boolean enable)

Enable the persisting of expectations as json, which is updated whenever the expectation state is updated (i.e. add, clear, expires, etc)

The default is false

Parameters:

enable - the persisting of expectations as json

persistedExpectationsPath

public static String persistedExpectationsPath()

persistedExpectationsPath

public static void persistedExpectationsPath(String persistedExpectationsPath)

The file path used to save persisted expectations as json, which is updated whenever the expectation state is updated (i.e. add, clear, expires, etc)

The default is "persistedExpectations.json"

Parameters:

persistedExpectationsPath - file path used to save persisted expectations as json

maximumNumberOfRequestToReturnInVerificationFailure

public static Integer maximumNumberOfRequestToReturnInVerificationFailure()

maximumNumberOfRequestToReturnInVerificationFailure

public static void maximumNumberOfRequestToReturnInVerificationFailure(Integer maximumNumberOfRequestToReturnInVerification)

The maximum number of requests to return in verification failure result, if more expectations are found the failure result does not list them separately

Parameters:

maximumNumberOfRequestToReturnInVerification - maximum number of expectations to return in verification failure result

attemptToProxyIfNoMatchingExpectation

public static boolean attemptToProxyIfNoMatchingExpectation()

attemptToProxyIfNoMatchingExpectation

public static void attemptToProxyIfNoMatchingExpectation(boolean enable)

If true (the default) when no matching expectation is found, and the host header of the request does not match MockServer's host, then MockServer attempts to proxy the request if that fails then a 404 is returned. If false when no matching expectation is found, and MockServer is not being used as a proxy, then MockServer always returns a 404 immediately.

Parameters:

enable - enables automatically attempted proxying of request that don't match an expectation and look like they should be proxied

forwardHttpProxy

public static InetSocketAddress forwardHttpProxy()

forwardHttpProxy

public static void forwardHttpProxy(String hostAndPort)

Use HTTP proxy (i.e. via Host header) for all outbound / forwarded requests

The default is null

Parameters:

hostAndPort - host and port for HTTP proxy (i.e. via Host header) for all outbound / forwarded requests

forwardHttpProxy

public static void forwardHttpProxy(InetSocketAddress hostAndPort)

Use HTTP proxy (i.e. via Host header) for all outbound / forwarded requests

The default is null

Parameters:

hostAndPort - host and port for HTTP proxy (i.e. via Host header) for all outbound / forwarded requests

forwardHttpsProxy

public static InetSocketAddress forwardHttpsProxy()

forwardHttpsProxy

public static void forwardHttpsProxy(String hostAndPort)

Use HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests, supports TLS tunnelling of HTTPS requests

The default is null

Parameters:

hostAndPort - host and port for HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

forwardHttpsProxy

public static void forwardHttpsProxy(InetSocketAddress hostAndPort)

Use HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests, supports TLS tunnelling of HTTPS requests

The default is null

Parameters:

hostAndPort - host and port for HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

forwardSocksProxy

public static InetSocketAddress forwardSocksProxy()

forwardSocksProxy

public static void forwardSocksProxy(String hostAndPort)

Use SOCKS proxy for all outbound / forwarded requests, support TLS tunnelling of TCP connections

The default is null

Parameters:

hostAndPort - host and port for SOCKS proxy for all outbound / forwarded requests

forwardSocksProxy

public static void forwardSocksProxy(InetSocketAddress hostAndPort)

Use SOCKS proxy for all outbound / forwarded requests, support TLS tunnelling of TCP connections

The default is null

Parameters:

hostAndPort - host and port for SOCKS proxy for all outbound / forwarded requests

forwardProxyAuthenticationUsername

public static String forwardProxyAuthenticationUsername()

forwardProxyAuthenticationUsername

public static void forwardProxyAuthenticationUsername(String forwardProxyAuthenticationUsername)

Username for proxy authentication when using HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

The default is null

Parameters:

forwardProxyAuthenticationUsername - username for proxy authentication

forwardProxyAuthenticationPassword

public static String forwardProxyAuthenticationPassword()

forwardProxyAuthenticationPassword

public static void forwardProxyAuthenticationPassword(String forwardProxyAuthenticationPassword)

Password for proxy authentication when using HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

The default is null

Parameters:

forwardProxyAuthenticationPassword - password for proxy authentication

proxyAuthenticationRealm

public static String proxyAuthenticationRealm()

proxyAuthenticationRealm

public static void proxyAuthenticationRealm(String proxyAuthenticationRealm)

The authentication realm for proxy authentication to MockServer

Parameters:

proxyAuthenticationRealm - the authentication realm for proxy authentication

proxyAuthenticationUsername

public static String proxyAuthenticationUsername()

proxyAuthenticationUsername

public static void proxyAuthenticationUsername(String proxyAuthenticationUsername)

The required username for proxy authentication to MockServer

Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

The default is ""

Parameters:

proxyAuthenticationUsername - required username for proxy authentication to MockServer

proxyAuthenticationPassword

public static String proxyAuthenticationPassword()

proxyAuthenticationPassword

public static void proxyAuthenticationPassword(String proxyAuthenticationPassword)

The required password for proxy authentication to MockServer

Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

The default is ""

Parameters:

proxyAuthenticationPassword - required password for proxy authentication to MockServer

livenessHttpGetPath

public static String livenessHttpGetPath()

livenessHttpGetPath

public static void livenessHttpGetPath(String livenessPath)

Path to support HTTP GET requests for status response (also available on PUT /mockserver/status).

If this value is not modified then only PUT /mockserver/status but is a none blank value is provided for this value then GET requests to this path will return the 200 Ok status response showing the MockServer version and bound ports.

A GET request to this path will be matched before any expectation matching or proxying of requests.

The default is ""

Parameters:

livenessPath - path to support HTTP GET requests for status response

controlPlaneTLSMutualAuthenticationRequired

public static boolean controlPlaneTLSMutualAuthenticationRequired()

controlPlaneTLSMutualAuthenticationRequired

public static void controlPlaneTLSMutualAuthenticationRequired(boolean enable)

Require mTLS (also called client authentication and two-way TLS) for all control plane requests

Parameters:

enable - TLS mutual authentication for all control plane requests

controlPlaneTLSMutualAuthenticationCAChain

public static String controlPlaneTLSMutualAuthenticationCAChain()

controlPlaneTLSMutualAuthenticationCAChain

public static void controlPlaneTLSMutualAuthenticationCAChain(String trustCertificateChain)

File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for control plane mTLS authentication

The X.509 Certificate Chain is for trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

This certificate chain will be used for to performs mTLS (client authentication) for inbound TLS connections if controlPlaneTLSMutualAuthenticationRequired is enabled

Parameters:

trustCertificateChain - File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates

controlPlanePrivateKeyPath

public static String controlPlanePrivateKeyPath()

controlPlanePrivateKeyPath

public static void controlPlanePrivateKeyPath(String privateKeyPath)

File system path or classpath location of a fixed custom private key for control plane connections using mTLS for authentication.

The private key must be a PKCS#8 or PKCS#1 PEM file and must be the private key corresponding to the controlPlaneX509CertificatePath X509 (public key) configuration. The controlPlaneTLSMutualAuthenticationCAChain configuration must be the Certificate Authority for the corresponding X509 certificate (i.e. able to valid its signature).

To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

This configuration will be ignored unless x509CertificatePath is also set.

Parameters:

privateKeyPath - location of the PKCS#8 PEM file containing the private key

controlPlaneX509CertificatePath

public static String controlPlaneX509CertificatePath()

controlPlaneX509CertificatePath

public static void controlPlaneX509CertificatePath(String x509CertificatePath)

File system path or classpath location of a fixed custom X.509 Certificate for control plane connections using mTLS for authentication.

The certificate must be a X509 PEM file and must be the public key corresponding to the controlPlanePrivateKeyPath private key configuration. The controlPlaneTLSMutualAuthenticationCAChain configuration must be the Certificate Authority for this certificate (i.e. able to valid its signature).

This configuration will be ignored unless privateKeyPath is also set.

Parameters:

x509CertificatePath - location of the PEM file containing the X509 certificate

controlPlaneJWTAuthenticationRequired

public static boolean controlPlaneJWTAuthenticationRequired()

controlPlaneJWTAuthenticationRequired

public static void controlPlaneJWTAuthenticationRequired(boolean enable)

Require JWT authentication for all control plane requests

Parameters:

enable - TLS mutual authentication for all control plane requests

controlPlaneJWTAuthenticationJWKSource

public static String controlPlaneJWTAuthenticationJWKSource()

controlPlaneJWTAuthenticationJWKSource

public static void controlPlaneJWTAuthenticationJWKSource(String controlPlaneJWTAuthenticationJWKSource)

JWK source used when JWT authentication is enabled for control plane requests

JWK source can be a file system path, classpath location or a URL

See: https://openid.net/specs/draft-jones-json-web-key-03.html

Parameters:

controlPlaneJWTAuthenticationJWKSource - file system path, classpath location or a URL of JWK source

controlPlaneJWTAuthenticationExpectedAudience

public static String controlPlaneJWTAuthenticationExpectedAudience()

controlPlaneJWTAuthenticationExpectedAudience

public static void controlPlaneJWTAuthenticationExpectedAudience(String controlPlaneJWTAuthenticationExpectedAudience)

Audience claim (i.e. aud) required when JWT authentication is enabled for control plane requests

Parameters:

controlPlaneJWTAuthenticationExpectedAudience - required value for audience claim (i.e. aud)

controlPlaneJWTAuthenticationMatchingClaims

public static Map<String,String> controlPlaneJWTAuthenticationMatchingClaims()

controlPlaneJWTAuthenticationMatchingClaims

public static void controlPlaneJWTAuthenticationMatchingClaims(Map<String,String> controlPlaneJWTAuthenticationMatchingClaims)

Matching claims expected when JWT authentication is enabled for control plane requests

Value should be string with comma separated key=value items, for example: scope=internal public,sub=some_subject

Parameters:

controlPlaneJWTAuthenticationMatchingClaims - required values for claims

controlPlaneJWTAuthenticationRequiredClaims

public static Set<String> controlPlaneJWTAuthenticationRequiredClaims()

controlPlaneJWTAuthenticationRequiredClaims

public static void controlPlaneJWTAuthenticationRequiredClaims(Set<String> controlPlaneJWTAuthenticationRequiredClaims)

Required claims that should exist (i.e. with any value) when JWT authentication is enabled for control plane requests

Value should be string with comma separated values, for example: scope,sub

Parameters:

controlPlaneJWTAuthenticationRequiredClaims - required claims

proactivelyInitialiseTLS

public static void proactivelyInitialiseTLS(boolean enable)

Proactively initialise TLS during start to ensure that if dynamicallyCreateCertificateAuthorityCertificate is enabled the Certificate Authority X.509 Certificate and Private Key will be created during start up and not when the first TLS connection is received.

This setting will also ensure any configured private key and X.509 will be loaded during start up and not when the first TLS connection is received to give immediate feedback on any related TLS configuration errors.

Parameters:

enable - proactively initialise TLS at startup

proactivelyInitialiseTLS

public static boolean proactivelyInitialiseTLS()

dynamicallyCreateCertificateAuthorityCertificate

public static boolean dynamicallyCreateCertificateAuthorityCertificate()

dynamicallyCreateCertificateAuthorityCertificate

public static void dynamicallyCreateCertificateAuthorityCertificate(boolean enable)

Enable dynamic creation of Certificate Authority X509 certificate and private key.

Enable this property to increase the security of trusting the MockServer Certificate Authority X509 by ensuring a local dynamic value is used instead of the public value in the MockServer git repo.

These PEM files will be created and saved in the directory specified with configuration property directoryToSaveDynamicSSLCertificate.

Parameters:

enable - dynamic creation of Certificate Authority X509 certificate and private key.

directoryToSaveDynamicSSLCertificate

public static String directoryToSaveDynamicSSLCertificate()

directoryToSaveDynamicSSLCertificate

public static void directoryToSaveDynamicSSLCertificate(String directoryToSaveDynamicSSLCertificate)

Directory used to save the dynamically generated Certificate Authority X.509 Certificate and Private Key.

Parameters:

directoryToSaveDynamicSSLCertificate - directory to save Certificate Authority X.509 Certificate and Private Key

preventCertificateDynamicUpdate

public static void preventCertificateDynamicUpdate(boolean prevent)

Prevent certificates from dynamically updating when domain list changes

Parameters:

prevent - prevent certificates from dynamically updating when domain list changes

preventCertificateDynamicUpdate

public static boolean preventCertificateDynamicUpdate()

sslCertificateDomainName

public static String sslCertificateDomainName()

sslCertificateDomainName

public static void sslCertificateDomainName(String domainName)

The domain name for auto-generate TLS certificates

The default is "localhost"

Parameters:

domainName - domain name for auto-generate TLS certificates

sslSubjectAlternativeNameDomains

public static void sslSubjectAlternativeNameDomains(Set<String> sslSubjectAlternativeNameDomains)

The Subject Alternative Name (SAN) domain names for auto-generate TLS certificates as a comma separated list

The default is "localhost"

Parameters:

sslSubjectAlternativeNameDomains - Subject Alternative Name (SAN) domain names for auto-generate TLS certificates

sslSubjectAlternativeNameDomains

public static Set<String> sslSubjectAlternativeNameDomains()

sslSubjectAlternativeNameIps

public static void sslSubjectAlternativeNameIps(Set<String> sslSubjectAlternativeNameIps)

The Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates as a comma separated list

The default is "127.0.0.1,0.0.0.0"

Parameters:

sslSubjectAlternativeNameIps - Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates

sslSubjectAlternativeNameIps

public static Set<String> sslSubjectAlternativeNameIps()

certificateAuthorityPrivateKey

public static String certificateAuthorityPrivateKey()

certificateAuthorityPrivateKey

public static void certificateAuthorityPrivateKey(String certificateAuthorityPrivateKey)

File system path or classpath location of custom Private Key for Certificate Authority for TLS, the private key must be a PKCS#8 or PKCS#1 PEM file and must match the certificateAuthorityCertificate To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

Parameters:

certificateAuthorityPrivateKey - location of the PEM file containing the certificate authority private key

certificateAuthorityCertificate

public static String certificateAuthorityCertificate()

certificateAuthorityCertificate

public static void certificateAuthorityCertificate(String certificateAuthorityCertificate)

File system path or classpath location of custom X.509 Certificate for Certificate Authority for TLS, the certificate must be a X509 PEM file and must match the certificateAuthorityPrivateKey

Parameters:

certificateAuthorityCertificate - location of the PEM file containing the certificate authority X509 certificate

privateKeyPath

public static String privateKeyPath()

privateKeyPath

public static void privateKeyPath(String privateKeyPath)

File system path or classpath location of a fixed custom private key for TLS connections into MockServer.

The private key must be a PKCS#8 or PKCS#1 PEM file and must be the private key corresponding to the x509CertificatePath X509 (public key) configuration. The certificateAuthorityCertificate configuration must be the Certificate Authority for the corresponding X509 certificate (i.e. able to valid its signature), see: x509CertificatePath.

To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

This configuration will be ignored unless x509CertificatePath is also set.

Parameters:

privateKeyPath - location of the PKCS#8 PEM file containing the private key

x509CertificatePath

public static String x509CertificatePath()

x509CertificatePath

public static void x509CertificatePath(String x509CertificatePath)

File system path or classpath location of a fixed custom X.509 Certificate for TLS connections into MockServer.

The certificate must be a X509 PEM file and must be the public key corresponding to the privateKeyPath private key configuration. The certificateAuthorityCertificate configuration must be the Certificate Authority for this certificate (i.e. able to valid its signature).

This configuration will be ignored unless privateKeyPath is also set.

Parameters:

x509CertificatePath - location of the PEM file containing the X509 certificate

tlsMutualAuthenticationRequired

public static boolean tlsMutualAuthenticationRequired()

tlsMutualAuthenticationRequired

public static void tlsMutualAuthenticationRequired(boolean enable)

Require mTLS (also called client authentication and two-way TLS) for all TLS connections / HTTPS requests to MockServer

Parameters:

enable - TLS mutual authentication

tlsMutualAuthenticationCertificateChain

public static String tlsMutualAuthenticationCertificateChain()

tlsMutualAuthenticationCertificateChain

public static void tlsMutualAuthenticationCertificateChain(String trustCertificateChain)

File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

This certificate chain will be used if MockServer performs mTLS (client authentication) for inbound TLS connections because tlsMutualAuthenticationRequired is enabled

Parameters:

trustCertificateChain - File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates

forwardProxyTLSX509CertificatesTrustManagerType

public static ForwardProxyTLSX509CertificatesTrustManager forwardProxyTLSX509CertificatesTrustManagerType()

forwardProxyTLSX509CertificatesTrustManagerType

public static void forwardProxyTLSX509CertificatesTrustManagerType(ForwardProxyTLSX509CertificatesTrustManager trustManagerType)

Configure trusted set of certificates for forwarded or proxied requests.

MockServer will only be able to establish a TLS connection to endpoints that have a trusted X509 certificate according to the trust manager type, as follows:

ALL - Insecure will trust all X509 certificates and not perform host name verification. JVM - Will trust all X509 certificates trust by the JVM. CUSTOM - Will trust all X509 certificates specified in forwardProxyTLSCustomTrustX509Certificates configuration value.

Parameters:

trustManagerType - trusted set of certificates for forwarded or proxied requests, allowed values: ALL, JVM, CUSTOM.

forwardProxyTLSCustomTrustX509Certificates

public static String forwardProxyTLSCustomTrustX509Certificates()

forwardProxyTLSCustomTrustX509Certificates

public static void forwardProxyTLSCustomTrustX509Certificates(String customX509Certificates)

File system path or classpath location of custom file for trusted X509 Certificate Authority roots for forwarded or proxied requests, the certificate chain must be a X509 PEM file.

MockServer will only be able to establish a TLS connection to endpoints that have an X509 certificate chain that is signed by one of the provided custom certificates, i.e. where a path can be established from the endpoints X509 certificate to one or more of the custom X509 certificates provided.

Parameters:

customX509Certificates - custom set of trusted X509 certificate authority roots for forwarded or proxied requests in PEM format.

forwardProxyPrivateKey

public static String forwardProxyPrivateKey()

forwardProxyPrivateKey

public static void forwardProxyPrivateKey(String privateKey)

File system path or classpath location of custom Private Key for proxied TLS connections out of MockServer, the private key must be a PKCS#8 or PKCS#1 PEM file

To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

This private key will be used if MockServer needs to perform mTLS (client authentication) for outbound TLS connections.

Parameters:

privateKey - location of the PEM file containing the private key

forwardProxyCertificateChain

public static String forwardProxyCertificateChain()

forwardProxyCertificateChain

public static void forwardProxyCertificateChain(String certificateChain)

File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

This certificate chain will be used if MockServer needs to perform mTLS (client authentication) for outbound TLS connections.

Parameters:

certificateChain - location of the PEM file containing the certificate chain