Can someone help me with the integration of the .pfx client certificate with the jmeter ?
I have converted the pfx file into jks file. I have added the same in the system.properties . But I am no able to execute the client request. I get the following error.
2018-11-08 22:31:08,137 INFO o.a.j.u.SSLManager: JmeterKeyStore Location: C:MyWorkSpace/apache-jmeter-5.0certclientcert.jks type jks
2018-11-08 22:31:08,137 INFO o.a.j.u.SSLManager: KeyStore created OK
2018-11-08 22:31:08,137 WARN o.a.j.u.SSLManager: Keystore file not found, loading empty keystore
2018-11-08 22:31:08,137 INFO o.a.j.g.u.JMeterMenuBar: setRunning(true, local)
Please guide me if I am missing any steps. Thanks in advance.
According to your log file JMeter tries to locate the keystore under the following path:
C:MyWorkSpace/apache-jmeter-5.0certclientcert.jks
which doesn't look a valid one to me. Try replacing all backslashes \ with forward ones / in the path so it would look like:
C:/MyWorkSpace/apache-jmeter-5.0/certclientcert.jks
Another option is to specify the path to the keystore in system.properties file like:
javax.net.ssl.keyStore=C:/MyWorkSpace/apache-jmeter-5.0/certclientcert.jks
javax.net.ssl.keyStorePassword=your_password
And last but not the least, you can pass the path to the keystore via -D command-line argument like:
jmeter -Djavax.net.ssl.keyStore=C:/MyWorkSpace/apache-jmeter-5.0/certclientcert.jks -Djavax.net.ssl.keyStorePassword=your_password -n -t test.jmx ...
More information: How to Set Your JMeter Load Test to Use Client Side Certificates
Related
we have defined the following in .ini file:
Assigned Values:
opendistro_security.ssl.http.enabled= True
Kesystore type = PKCS12
keystore_filepath = /relativepath.pfx
truststore_type = PKCS12
truststore-filepath =/relativepath.pfx
opendistro_security.ssl.transport.keystore_password=""
opendistro_security.ssl.transport.truststore_password=""
We are getting below error message when we execute .Net application:
Error:
Caused by: org.elasticsearch.ElasticsearchSecurityException: Error while initializing transport SSL layer: java.io.IOException: keystore password was incorrect
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
Resolutions we tried:
Changed different passwords of Pfx as well as defined in setting_override.ini (eg. “changeit”). Also added Pfx file to respective directory.
Checked PFX file by both import/ export by creating new password and also added that in MMC and checked.
Added default password for Truststore type and Keystore Type as per the this URL
Placed Pfx file inside config folder of Elastic Search
But still we are facing issue.
In this URL they have mentioned the following settings such as:
ELASTIC_PASSWORD=password
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.http.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.http.ssl.keystore.password=password
- xpack.security.http.ssl.truststore.password=password
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.transport.ssl.keystore.password=password
- xpack.security.transport.ssl.truststore.password=password
Queries:
Do we need to mention all this settings for our application?
Is the above setting applicable for XPack (or) it will get applicable for Open Distro also?
Is elastic search will have separate password? If so where can we check password related to Elastic Search?
Do we need to assign same password of Elastic search to Truststore type and Key store type?
I am trying to sign my APK file with keystore.jks file manually to publish my App on Google Play Store.
here are the commands I am following.
zipalign -v -p 4 com.VolMobileApp.Android.apk com.VolMobileAppAligned.Android.apk
apksigner sign --ks h2vkeystore.jks --out com.VolMobileAppRelease.Android.apk com.VolMobileAppAligned.Android.apk
Here is the issue. I tried to look for a solution but did not succeed.
When Second Command asks
Keystore password for signer #1:
After filling password it returns the error given below. Earlier there was no error.
Failed to load signer "signer #1"
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:666)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
at java.security.KeyStore.load(KeyStore.java:1445)
at com.android.apksigner.SignerParams.loadKeyStoreFromFile(SignerParams.java:353)
at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:239)
at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
at com.android.apksigner.ApkSignerTool.getSignerConfig(ApkSignerTool.java:368)
at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:291)
at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:84)
I am not able to detect what I am doing wrong, but the difference I notice is in the archived folder structure.
In my case solved the problem by signing the .APK whit the values signed into the keystore that we configured to create the APK file in Release mode.
I taked the Microsoft example in here
and here I put the same values
That way a solved my problem with
"java.exe" exited with code 2
But the real information problem was in output:
Failed to load signer "signer #1" java.io.IOException: Invalid keystore format
At the moment I don't find the real solution to this problem but, this works.
At present our android build export format is .apk format. I was able to successfully take apk build v1 & v2 signature. From Aug 1st 2021 onwards google discontinues .apk and need everyone should migrate to .aab bundle file. So when same keystore file I used to generate .apk file, I am getting below error
The security strength of SHA-1 digest algorithm is not sufficient for this key size
Detailed error message:
Execution failed for task ':app:signReleaseBundle'.
> A failure occurred while executing
com.android.build.gradle.internal.tasks.FinalizeBundleTask$BundleToolRunnable
> Failed to generate v1 signature
Is there a way to edit the key size of SHA-1 digest algorithm inside the keystore file?
Any other workaround for issue?[like disabling V1 signature]
You will have to create a new key.
I had the same problem. After I created a new jks keystore file I was able to sign the bundle. See here for how to create a new key.
I am attempting to run and test a Spring Boot application that I have packaged into a zip file and unpacked on a Linux VM. The zip contains everything the application needs (at least to my knowledge). When I attempt to execute the application, it starts but quickly fails because it cannot load a keystore needed for SSH/TLS secure communications.
I have the following in my application.yml:
server:
port: 8091
ssl:
enabled: true
protocol: TLS
trust-store-type: JKS
trust-store: classpath:keystore/server.keystore
trust-store-password: <hidden>
key-store-type: JKS
key-store: classpath:keystore/ra/server.keystore
key-store-password: <hidden>
The directory structure on the test system is as follows:
[centos#route-assessor route-assessor]$ ls -R
.:
config elastic-apm-agent-1.10.0.jar lib run-route-assessor.sh services-0.0.1-SNAPSHOT.jar
./config:
application.yml keystore log4j2.xml
./config/keystore:
mp ra rg server.keystore
./config/keystore/mp:
server.keystore
./config/keystore/ra:
server.keystore
./config/keystore/rg:
server.keystore
./lib
<dependency jars>
Here is the exception thrown:
[2019-10-23 13:21:31.419] main WARN : context.AnnotationConfigServletWebServerApplicationContext:557 - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.boot.web.server.WebServerException: Could not load key store 'classpath:keystore/server.keystore'
The Spring Boot "runtime" obviously sees and accesses the config directory, but doesn't seem to see the keystore directory contained within. Do I need to specify the paths differently in application.yml or do I need to put the keystore files somewhere else?
Note: I can run this application with the application.yml configured as shown from eclipse without any problem. Granted, all resources are located in src/main/resources for that situation.
UPDATE:
As per #borban's suggestion, I modified the application.yml as follows:
key-store: file:config/keystore/ra/server.keystore
trust-store: file:config/keystore/server.keystore
That seems to have solved one problem, but I'm not out of the woods yet:
[2019-10-23 15:07:17.671] main ERROR: boot.SpringApplication:821 - Application run failed
org.springframework.boot.web.server.WebServerException: Unable to start embedded Jetty server
...
Caused by: java.lang.IllegalStateException: no valid keystore
...
As far as I know, my keystore files are valid and correct (I've been using them on my Windows development box for months). They are copied over as part of the zip distribution. Is there something maybe I'm missing?
I'm also a little concerned with a few other messages in the log. I'm not sure if they're related, but it seems that they could be:
[2019-10-23 15:07:10.153] main WARN : resource.Resource:126 - java.lang.IllegalArgumentException: URI is not hierarchical
[2019-10-23 15:07:10.155] main WARN : resource.Resource:126 - java.lang.IllegalArgumentException: URI is not hierarchical
I don't recall seeing them before.
Are you are trying to access this keystore outside of the classpath and from the filesystem itself? From the folder structure you are giving, that seems to be the case. If you remove the "classpath" prefix and then update your path appropriately, it should work.
From this post, it looks like you have to prefix with "file"
https://maven.apache.org/plugins/maven-resources-plugin/examples/resource-directory.html
You can use maven resource plugin to add the folders you need to the plugin:
https://maven.apache.org/plugins/maven-resources-plugin/examples/resource-directory.html
then use without classpath??
I am trying to use multiple certificates(.p12) in multiple thread groups. The following is the set up,
ThreadGroup1
HTTPRequest1
CSVdataconfig - cert_alias1.csv
Keystoreconfig - cert1 alias name
ThreadGroup2
HTTPRequest2
CSVdataconfig - cert_alias2.csv
Keystoreconfig - cert2 alias name
ThreadGroup3
HTTPRequest3
CSVdataconfig - cert_alias3.csv
Keystoreconfig - cert3 alias name
Have combined all three (.p12) certificates into one keystore(.jks) file using Keystore tool .
If 'Run Thread Groups consecutively'(in Test Plan) is checked , the script works fine.
If 'Run Thread Groups consecutively'(in Test Plan) is unchecked , HTTP requests fail intermittently.
PS: I am importing .jks file into SSL Manager prior to test run and providing password on the prompt. Also used keystore parameters in system.properties file.