SSL Handshake Exception while Load test using Jmeter in Jenkins - spring-boot

Hi I am integrating the Jmeter with the opeshift pipeline using Jenkins to test my API(https). When the Jmeter is trying to send the request to the API I am getting following error:
Non HTTP response code: javax.net.ssl.SSLHandshakeException - Non HTTP response message: java.security.cert.CertificateException: No name matching <> found
I have tried steps to ignore the SSL certificate verification but I am unable to bypass the process.
I have created a spring boot project to run the load test as a pipeline. I am using <groupId>com.lazerycode.jmeter</groupId> and using the the jmeter file with extension .jmx to run in jenkins.

As per SSL Encryption chapter of JMeter Documentation:
The JMeter HTTP samplers are configured to accept all certificates, whether trusted or not, regardless of validity periods, etc. This is to allow the maximum flexibility in testing servers.
If the server requires a client certificate, this can be provided.
So by default JMeter will trust all certificates no matter of their validity, incomplete chain, subject not matching dns hostname, etc.
If might be the case that your application requires JMeter to send client certificate for security reasons, it can be done either using SSL Manager or providing the relevant system properties pointing to the keystore where the certificate lives. See How to Set Your JMeter Load Test to Use Client Side Certificates article for more details

Related

Jmeter client certificate setting gives 403 error

Im using apache jmeter 5.3
My remote service requires client certificate when making calls.
I followed the steps pointed in this article[1] (Options-->SSL manager , and selected my cert, provided password)
But still I get 403. Anyone can help?
Same certificate is working when I configure it via Postman.
[1]https://jmeter.apache.org/usermanual/component_reference.html#SSL_Manager
HTTP Status code 403 means "Forbidden", in other words:
The server recognizes the user as the valid one (authentication passes)
However the server doesn't allow the user to access the particular resource (authorization fails)
Also be aware that SSL Manager will work in GUI mode only, if you're running your test in command-line non-GUI mode you will need to put the path to the keystore and the password into system.properties file, see How to Set Your JMeter Load Test to Use Client Side Certificates article for more details.
In case of problems take a look at jmeter.log file, normally it contains sufficient amount of troubleshooting information, if it doesn't - your can always increase log level verbosity for the component(s) you're interested in.

How jmeter works on HTTPS without using certificates

I am working on HTTPS calls in jmeter. When I started to do the configuration I took help of stackoverflow. Surprisingly I found all I have to do is to change protocol from HTTP to HTTPS and it actually worked. Which makes me wonder how jmeter bypasses the certificate without any configuration?
Some sites use simple mode of HTTPS which doesn't require client installation
SSL and TLS encryption can be configured in two modes: simple and mutual. In simple mode, authentication is only performed by the server. The mutual version requires the user to install a personal client certificate in the web browser for user authentication.
As per 1.2.4 SSL Encryption chapter:
The JMeter HTTP samplers are configured to accept all certificates, whether trusted or not, regardless of validity periods, etc. This is to allow the maximum flexibility in testing servers.
If the server requires a client certificate, this can be provided.

Unable to login to system while recording through Jmeter

I'm unable to record login functionality every time its giving validation message on login screen with proxy on. On removing the proxy login functionality works fine. I'm using localhost with port given with the URL of the system under test.
Address is something like - 52.xxx.xxx.xxx: Portnumber
Please help..!!
It may be connected with HTTPS protocol, sending username and password in plain text is a very bad practice so I am more than sure your application is using some form of TLS encryption.
JMeter is able to decrypt and record secure traffic, however some extra configuration will be required, in particular you will need to add JMeter's self-signed certificate into browser so JMeter would be able to intercept secure traffic. Pay attention to the following chapters of the JMeter's HTTP(S) Test Script Recorder documentation:
HTTPS recording and certificates
Installing the JMeter CA certificate for HTTPS recording
If you will be still experiencing problems check out Recording HTTPS Traffic with JMeter's Proxy Server article for troubleshooting steps.

Jmeter: Distributed Testing with client certificates

We set up Jmeter for performance testing over HTTPS with client certificates (via SSL Manager). It works like a charm if we run it from GUI. But, if we start distributed testing we get a bad certificate error.
How to pass the certificates & password to the slaves?
You can configure the certificates using Java SSL System Properties
I.e. add the following lines to system.properties file on each remote slave machine:
javax.net.ssl.keyStore=certificate.p12
javax.net.ssl.keyStorePassword=secr3t
javax.net.ssl.keyStoreType=pkcs12
amend above values to match your settings
JMeter restart will be required to pick the properties up.
You can also pass the values via -D command-line arguments like:
jmeter -Djavax.net.ssl.keyStore=certificate.p12 -Djavax.net.ssl.keyStorePassword=secr3t -s ...
See How to Set Your JMeter Load Test to Use Client Side Certificates article for more detailed explanation.

Jmeter Probably waiting for user to authorize the certificate

All
When i am trying to record https urls with jmeter, i am getting below message in log:
jmeter.protocol.http.proxy.Proxy: [64432] Empty response to http over SSL. Probably waiting for user to authorize the certificate for XXXXXXX:443.
Its not loading any pages of our application.
Can anyone please help me how to resolve this issue?Thanks
Theju
First read:
http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.pdf
http://jmeter.apache.org/usermanual/component_reference.html#HTTP%28S%29_Test_Script_Recorder
Among resolutions for your issue:
Install in the browser as described in documentation the Fake Certification Authority created by JMeter
Call https URL in the browser and accept certificate, then start recording your scenario
Have you added JMeter's self-signed certificate to browser's exception list?
If so - try removing the certificate and starting over.
For other troubleshooting options and recommendations see Recording HTTPS Traffic with JMeter's Proxy Server guide.
I suggest using SmartMeter Recorder. You will avoid all isues with setting up the proxy. SmartMeter Recorder uses its own Chrome plugin and works out of the box. Read the article for more info.
First of all for performance testing you should have application setup without the certificates otherwise you are testing results will differ. Your objective should be to test actual calls and those should be isolated.
If you still insist doing with certificate then you need to register JMeter certificate with browser which you are using for recording. You can find that in JMeter bin directory. Just register with your browser which you are using fir recording.

Resources