How to integrate client certificate with jmeter - jmeter

I am facing issue with the execution of the APIs in Jmeter. Our APIs have client certificate in .pfx format. I have converted the same in .jks and updated the same in the system.properties of jmeter. In jmeter I have created a csv file to pick up the created alias. However, the error is shown as
Error:
Response message: Non HTTP response message: java.lang.IllegalArgumentException: No certificate found for alias:'certalias'
Below is my alias info:
Alias name: certalias
Creation date: Nov 8, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Jmeter Log:
2018-11-13 11:16:08,949 WARN o.a.j.u.SSLManager: Keystore file not found, loading empty keystore
Can you please help me with the integration of our client certificate with the Jmeter.
Thanks in advance.

I don't think you need to convert the .pfx into as .pfx is a PKCS12 certificate type and JMeter should support it out of the box.
Make sure to add the next lines to system.properties file:
javax.net.ssl.keyStore=your_certificate.pfx
javax.net.ssl.keyStorePassword=your_certificate_password
javax.net.ssl.keyStoreType=pkcs12
JMeter restart will be required to pick the properties up.
If you have > 1 certificates in the keystore you can select the exact certificate(s) by setting the following properties
https.keyStoreStartIndex=0
https.keyStoreEndIndex=0
By default JMeter will go for the first certificate in the keystore, if your certalias is not the first - amend the properties accordingly.
More information: How to Set Your JMeter Load Test to Use Client Side Certificates

Related

Applying SSL certificate in redhat OS

I have .cer and .p7b certificate I tried to apply it on my ssl config file but my apache suddenly crash so I retain the previous settings which is ca.crt and the apache return to active status.
Question 1 should I need to convert my .cer file to .crt before applying it on my ssl config?
Question 2 How to convert the file and make it compatible with my server/ssl?
If you need more details, let me know. Thank you!

Jmeter - Non HTTP response message: Received fatal alert: handshake_failure

Am trying to automate API in Jmeter, wherein getting below error message,
Response code: Non HTTP response code: javax.net.ssl.SSLHandshakeException
Response message: Non HTTP response message: Received fatal alert: handshake_failure
The same request is working fine in Postman, there is a client certificate generated in .CRT or .P79 formats.Also in postman > Certificates i configured Host , CRT file , KEY file, wanted to know in Jmeter where/how we can configure these.
Note : was not able to use openssl and Keytool as am not allowed to install in client machine.
JMeter can only send client certificates if they're present in a Java Keystore
So you need to convert your .crt certificate into .jks or .p12 Java Keystore and tell JMeter where the keystore is located and what is the password using javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword JMeter System Properties like it's described in How to Set Your JMeter Load Test to Use Client Side Certificates article.
If you're not capable of installing OpenSSL and/or Keytool to the machine where JMeter lives you can use online certificate conversion solutions like:
SSL Converter by SSHShopper
SSL Converter by NameCheap

cacerts vs server.ssl.trust-store

I am trying to contact a service over https using RestTemplate. I have got their crt and I added it to java cacerts truststore and everything worked.
But now If I wanted to remove it from cacerts and add it to my a trust store that exist in resource folder
so I have the following in the properties file
server.ssl.trust-store=classpath:service1.truststore
server.ssl.trust-store-password={pass}
I added the crt to service1.truststore
This does not work..... I get
SunCertPathBuilderException: unable to find valid certification path to requested target
Can someone explain the difference here between adding the cert to my truststore vs cacerts?
I have the same CAs in both truststores.

How to configure jmeter for load testing a secure application if I have .pem files with me

I am new to JMeter, just started. I have a secure application and I downloaded the .pem file. I am confused(steps converting .pem to .cer or pk12) about how to use this for accessing the application. When I tried to convert .pem to pfx it is giving error saying either private key does not match or format is different. Can anyone help with a clear list of steps to follow to use JMeter for load testing the application?
Thanks in advance.
JMeter can only work with Java Keystores (either in JKS or PKCS12 formats) so you need to convert your .pem file into a Java Keystore.
You can do this either using OpenSSL command-line utility like:
openssl pkcs12 -export -out keystore.p12 -inkey key.pem -in cert.pem
Or if you prefer you can use a GUI-based took like Keystore Explorer
Once done you can configure JMeter to use this keystore by adding the next lines to system.properties file (lives in "bin" folder of your JMeter installation)
javax.net.ssl.keyStoreType=pkcs12
javax.net.ssl.keyStore=/path/to/your/keystore.p12
javax.net.ssl.keyStorePassword=your_keystore_password_here
More information: How to Set Your JMeter Load Test to Use Client Side Certificates

Getting connection abort and fatal alert error while recording in jmeter

I am unable to record a script using JMeter and getting connection abort and fatal alert.
JMeter log:
2018-02-13 13:41:24,653 WARN o.a.j.p.h.p.Proxy: [54571] Problem with SSL certificate for url for 'api.amplitude.com'? Ensure browser is set to accept the JMeter proxy cert: Software caused connection abort: recv failed
2018-02-13 13:41:39,823 WARN o.a.j.p.h.p.Proxy: [54636] Problem with SSL certificate for url for 'api.amplitude.com'? Ensure browser is set to accept the JMeter proxy cert: Received fatal alert: unknown_ca
2018-02-13 13:41:40,868 WARN o.a.j.p.h.p.Proxy: [54650] Problem with SSL certificate for url for 'code.jquery.com'? Ensure browser is set to accept the JMeter proxy cert: Software caused connection abort: recv failed
The main reason for this error is incorrect configuration of your browser, you need to import JMeter's self-signed certificate into the browser, the file is called ApacheJMeterTemporaryRootCA.crt and it's generated in "bin" folder of your JMeter installation when you launch HTTP(S) Test Script Recorder. See HTTPS recording and certificates chapter of JMeter User Manual for more information on the concept and instructions on how to install JMeter's certificate into different browsers. I would also recommend checking out Recording HTTPS Traffic with JMeter's Proxy Server article for more details.
If your application doesn't use HTTPS and the call to api.amplitude.com is generated as a result of parsing embedded resources you can simply exclude this URL from recording by adding it to URL Patterns to Exclude field of the HTTP(S) Test Script Recorder like:

Resources