Am trying to automate API in Jmeter, wherein getting below error message,
Response code: Non HTTP response code: javax.net.ssl.SSLHandshakeException
Response message: Non HTTP response message: Received fatal alert: handshake_failure
The same request is working fine in Postman, there is a client certificate generated in .CRT or .P79 formats.Also in postman > Certificates i configured Host , CRT file , KEY file, wanted to know in Jmeter where/how we can configure these.
Note : was not able to use openssl and Keytool as am not allowed to install in client machine.
JMeter can only send client certificates if they're present in a Java Keystore
So you need to convert your .crt certificate into .jks or .p12 Java Keystore and tell JMeter where the keystore is located and what is the password using javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword JMeter System Properties like it's described in How to Set Your JMeter Load Test to Use Client Side Certificates article.
If you're not capable of installing OpenSSL and/or Keytool to the machine where JMeter lives you can use online certificate conversion solutions like:
SSL Converter by SSHShopper
SSL Converter by NameCheap
Related
My Jira instance is running on an HTTPS port. I have written a script that creates sub-tasks of a task in a project using a Jira API POST request on the Jira instance. It was working fine on my HTTP version. When I shifted to the HTTPS version, it started giving errors.
Error 1:
It gave the certificate error that was not present in Java.
Resolution. I resolved the issue using the below commands in my Jira instance.
openssl x509 -in <(openssl s_client -connect 192.168.2.214:8083 -prexit 2>/dev/null) -out ~/server-name.crt
keytool -importcert -file ~/server-name.crt -alias server-name -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
My Instance is running on AWS and has different internal and external IPs to access it.
The problem I am facing after resolving the above issue is :
javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 192.168.2.214 found
at Script2.run(Script2.groovy:11)
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 192.168.2.214 found
... 1 more
My internal IP is 192.168.2.214 and my external IP is different from it.
My external IP is mapped to a URL and the certificate is purchased against that URL.
How do I get rid of this error as I only can access my HTTPS port using the internal IP when making an API call and there is no HTTP port defined. If I define an HTTP port, I would need to reconstruct my whole instance which is not possible at the moment.
I am facing issue with the execution of the APIs in Jmeter. Our APIs have client certificate in .pfx format. I have converted the same in .jks and updated the same in the system.properties of jmeter. In jmeter I have created a csv file to pick up the created alias. However, the error is shown as
Error:
Response message: Non HTTP response message: java.lang.IllegalArgumentException: No certificate found for alias:'certalias'
Below is my alias info:
Alias name: certalias
Creation date: Nov 8, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Jmeter Log:
2018-11-13 11:16:08,949 WARN o.a.j.u.SSLManager: Keystore file not found, loading empty keystore
Can you please help me with the integration of our client certificate with the Jmeter.
Thanks in advance.
I don't think you need to convert the .pfx into as .pfx is a PKCS12 certificate type and JMeter should support it out of the box.
Make sure to add the next lines to system.properties file:
javax.net.ssl.keyStore=your_certificate.pfx
javax.net.ssl.keyStorePassword=your_certificate_password
javax.net.ssl.keyStoreType=pkcs12
JMeter restart will be required to pick the properties up.
If you have > 1 certificates in the keystore you can select the exact certificate(s) by setting the following properties
https.keyStoreStartIndex=0
https.keyStoreEndIndex=0
By default JMeter will go for the first certificate in the keystore, if your certalias is not the first - amend the properties accordingly.
More information: How to Set Your JMeter Load Test to Use Client Side Certificates
I am unable to record a script using JMeter and getting connection abort and fatal alert.
JMeter log:
2018-02-13 13:41:24,653 WARN o.a.j.p.h.p.Proxy: [54571] Problem with SSL certificate for url for 'api.amplitude.com'? Ensure browser is set to accept the JMeter proxy cert: Software caused connection abort: recv failed
2018-02-13 13:41:39,823 WARN o.a.j.p.h.p.Proxy: [54636] Problem with SSL certificate for url for 'api.amplitude.com'? Ensure browser is set to accept the JMeter proxy cert: Received fatal alert: unknown_ca
2018-02-13 13:41:40,868 WARN o.a.j.p.h.p.Proxy: [54650] Problem with SSL certificate for url for 'code.jquery.com'? Ensure browser is set to accept the JMeter proxy cert: Software caused connection abort: recv failed
The main reason for this error is incorrect configuration of your browser, you need to import JMeter's self-signed certificate into the browser, the file is called ApacheJMeterTemporaryRootCA.crt and it's generated in "bin" folder of your JMeter installation when you launch HTTP(S) Test Script Recorder. See HTTPS recording and certificates chapter of JMeter User Manual for more information on the concept and instructions on how to install JMeter's certificate into different browsers. I would also recommend checking out Recording HTTPS Traffic with JMeter's Proxy Server article for more details.
If your application doesn't use HTTPS and the call to api.amplitude.com is generated as a result of parsing embedded resources you can simply exclude this URL from recording by adding it to URL Patterns to Exclude field of the HTTP(S) Test Script Recorder like:
I have installed mailgun on my local machine.
I am using localhost:8000 to run my laravel project. I tried to send the message and I received this message
RequestException in Client.php line 136:
SSL certificate problem: unable to get local issuer certificate
Can anyone explain how it is solved?
Download curl from https://curl.haxx.se/download.html
Download win64 version then extract.
copy ca-bundle.crt to /apache/bin/
Then open php/php.ini and edit line
curl.cainfo = "/path/to/wamp64/bin/apache/apache2.4.18/bin/ca-bundle.crt"
Restart server
I am a beginner is TIBCO.I want to send email using tibco mail activity.Following are my configuration of send mail activity
host: smtp.gmail.com:587
selected the authenticate check box
then in username field entered my gmail username and in password entered my gmail password.
and in the input tab provided the valid to address,subject and body.When I run then I get the following error
BW-MAIL-100019 Job-10000 Error in [Sender.process/Send Mail]
Error sending mail message. Cause: com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.0 Must issue a STARTTLS command first. nx12sm74930440pab.6 - gsmtp
I have also checked by changing the host like this smtp.gmail.com:25 but still the same error.Can any body please tell me what wrong am I doing?
Follow these instructions to use the Send Mail activity over TLS (port 587):
First, retrieve the full certificate chain of the SMTP server. To do so, download an OpenSSL client (e.g. GnuWin32's implementation if you are on Windows), then type:
openssl s_client -showcerts -connect smtp.gmail.com:587 -starttls smtp
A list of PEM-formatted certs should show up. Copy each of them in a separate file (or all of them in a single file) with extension .cert and add those files to any folder in your BW project. Please note that the root CA certificate is missing from the chain; you can download it here and add it to the certs folder. You can also use an external folder if you want the certs to be managed outside your project by using the BW_GLOBAL_TRUSTED_CA_STORE global variable (see BW documentation).
On the Send Mail activity, set the Host field to smtp.gmail.com:587.
If using BW 5.8 or below, add the following Java properties to the TRA of your application:
java.property.mail.smtp.starttls.enable=true
java.property.mail.smtp.starttls.required=true
If using BW 5.10 or above, check the SSL box and make the Trusted Certificates Folder point to your certs folder.
Check the Authenticate box and set the User Name (xxxx#gmail.com) and Password fields with your Google credentials.