I am using jakarta-jmeter-2.3.1 and need to call a SOAP web service over HTTPS. The server needs a client-side certificate.
Can you please let me know how to refer to a keystore in an earlier version of JMeter?
I know the latest version (3.2) has a Keystore Configuration sampler element, which I could not find in 2.3.1.
[I need to use that version because of the client side restriction.]
You can configure the encryption on JVM level by adding the next lines to system.properties file:
javax.net.ssl.keyStoreType=${keystoretype}
javax.net.ssl.keyStore=/path/to/your/certificate
javax.net.ssl.keyStorePassword=your_certificate_password_here
${keystoretype} can be either pkcs12 for .p12 files or jks for .jks files (this is the default). If your certificate is in a different format, it is better to convert it to e.g. .p12 format using OpenSSL or an equivalent.
You will need to restart JMeter to pick the properties up.
See How to Set Your JMeter Load Test to Use Client Side Certificates guide for more detailed information if needed.
JMeter 2.3.1 is highly outdated; more than 1000 bugs and 500 enhancements have occurred since that one.
Convince your customer to upgrade, you'll gain at all levels:
productivity
quality
performance
reporting
Related
I have written a RESTful API project which is developed using Spring Boot, and I am using the embedded Tomcat and running a jar on a Linux server.
The APIs are live at:
https://api.arevogroup.com:8089/api/regions
and I can see the verified and correct SSL as well, as in the given screenshot.
But I am getting this exception in Postman when I call these APIs.
These APIs are consumed by a Xamarin-based app which seems to work all good when consumed using iPhone but gives this same exception when the APIs are accessed via Android.
I guess, the way I have generated the ssl certificate has some issues.
I have used a pfx file and my SSL config in properties file looks like this:
###SSL Key Info
security.require-ssl=true
server.ssl.key-store-password=PASSWORD
server.ssl.key-store=classpath:ssl_pfx.pfx
server.ssl.key-store-type=PKCS12
I have 2 questions: if I disable the SSL verification, would the communication still be encrypted or not? (A man-in-the-middle attack is still possible but the info will still be encrypted, right?)
If not, how can I fix this?
You can't disable the verification of the server certificate. No browser will allow you to do it, except on an exceptional basis (the user must confirm the exception). If the client disables the verification, then the communication will be encrypted (i.e. no passive attack will be possible).
The errors you see are caused by a misconfiguration of your server.
Your certificate chain contains just the certificate for your server and lacks the intermediate certificate CN=Go Daddy Secure Certificate Authority - G2. You need to download it from Go Daddy (it is the one named gdig2.crt.pem) and add it to your keystore.
Refer to this question on how to do it.
Some browsers cache intermediate certificates and are able to verify your site even if one certificate is missing. However you should not rely on it.
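What the missing intermediate means for a client, as an added example that is not part of the original answer: a constructed root/intermediate/leaf PKI is built with the openssl CLI, and a PKCS12 keystore holding only the leaf is compared with one that also carries the intermediate. All subjects, file names and the password are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: every subject, file name and password here is constructed.
set -eu
D=$(mktemp -d)
export P12_PASS='demo-keystore-password'   # read by openssl via env:, not argv

# new_cert <name> <CN> <issuer-name|self> <extension line>
new_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
  printf '%s\n' "$4" > "$D/$1.ext"
  if [ "$3" = self ]; then
    openssl x509 -req -in "$D/$1.csr" -signkey "$D/$1.key" -days 1 \
      -extfile "$D/$1.ext" -out "$D/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$D/$1.csr" -CA "$D/$3.pem" -CAkey "$D/$3.key" \
      -CAcreateserial -days 1 -extfile "$D/$1.ext" -out "$D/$1.pem" 2>/dev/null
  fi
}

# make_keystore <out.p12> [extra "openssl pkcs12" args, e.g. -certfile int.pem]
make_keystore() {
  out=$1; shift
  openssl pkcs12 -export -inkey "$D/leaf.key" -in "$D/leaf.pem" -name server \
    -passout env:P12_PASS -out "$out" "$@"
}

# True only if a client trusting just the root can build a path to the leaf
# from the certificates the keystore actually contains (what the server sends).
keystore_chain_ok() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts -out "$D/k.leaf" 2>/dev/null
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -cacerts -out "$D/k.extra" 2>/dev/null
  if grep -q 'BEGIN CERTIFICATE' "$D/k.extra"; then
    res=$(openssl verify -CAfile "$D/root.pem" -untrusted "$D/k.extra" "$D/k.leaf" 2>&1) || true
  else
    res=$(openssl verify -CAfile "$D/root.pem" "$D/k.leaf" 2>&1) || true
  fi
  case $res in *": OK"*) return 0 ;; *) return 1 ;; esac
}

new_cert root "Demo Root CA" self 'basicConstraints=critical,CA:TRUE'
new_cert int "Demo Intermediate CA" root 'basicConstraints=critical,CA:TRUE'
new_cert leaf "api.example.test" int 'basicConstraints=CA:FALSE'
make_keystore "$D/leaf-only.p12"
make_keystore "$D/full-chain.p12" -certfile "$D/int.pem"
for ks in leaf-only full-chain; do
  if keystore_chain_ok "$D/$ks.p12"; then echo "$ks: chain complete"
  else echo "$ks: intermediate missing, strict clients will reject it"; fi
done
```

The same check can be pointed at a real keystore by replacing the constructed root with the CA's published root certificate.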
security.require-ssl=true
server.ssl.key-store-password=PASSWORD
server.ssl.key-store=keystore.jks
server.ssl.key-store-provider=SUN
server.ssl.key-store-type=JKS
Used the jks file instead of pfx and it worked all good. Thought to share with others too.
I need to perform a load run with 100 User Load for an API with certificate-based authentication. I had SIX different certificates in JKS format. I would like to know how we can use all these six certificates while performing a load run. Can we have some configurations like we use CSV Data config for parameterizing data?
I tried mentioning the path of all six certificates under Keystore properties of the System property file, and when I run, JMeter starts taking the SIX certificates in sequence, but it didn't work.
Are there any other configurations I can use?
Can you please help me in achieving this?
Put all your certificates into a Java Keystore
Point JMeter to use the keystore by manipulating javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword system properties
Add Keystore Configuration element which will traverse the certificates in the keystore and use the different certificates for each thread (virtual user)
You can take a look at How to Use Multiple Certificates When Load Testing Secure Websites article which contains step-by-step instructions on setting up keystore and JMeter
While associating the JMeter plugin jar file in the lib/ext folder of the JMeter setup, I am getting an SSL certificate error after clicking 'Plugin manager' from the 'Options' menu. Could you please assist me with the same?
Thanks
Amit
Most probably you're behind the corporate proxy which uses an SSL certificate for securing the traffic between itself and clients.
Java uses cacerts file to check the validity of the SSL certificates and you're getting this error because the certificate is not known to Java.
The solution would be obtaining the certificate from the proxy server (it can be done using either OpenSSL or just a web browser) and adding it to the Java cacerts
You can also try downloading Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files, it might be enough to resolve your issue.
More information:
How to Install the JMeter Plugins Manager
Plugins Manager Network Configuration
I am new to JMeter. I wanted to set up JMeter to stress test my server (Tomcat) serving APIs. As part of which my backend server is MASSL enabled and hence I need to configure the same in JMeter. I have .cert and .key files (with a pass phrase) which I configure in Postman to trigger the API endpoints.
How do I set up these certificate configurations in JMeter?
You need to convert these certificates into something JMeter can understand (a .jks or .p12 Java Keystore), the conversion can be made using OpenSSL tool or a GUI-based solution like KeyStore Explorer
Once you have the Java Keystore with your certificate(s) you can "tell" JMeter to use this keystore for sending client-side certificates with the following JMeter properties:
javax.net.ssl.keyStore=/path/to/your/keystore
javax.net.ssl.keyStorePassword=your keystore password
javax.net.ssl.keyStoreType= your keystore type (JKS or PKCS12)
The settings need to go into the system.properties file or can be passed to JMeter via -D command-line arguments like:
jmeter -Djavax.net.ssl.keyStore=/path/to/your/keystore -Djavax.net.ssl.keyStorePassword=your keystore password ....
More information: How to Set Your JMeter Load Test to Use Client Side Certificates
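The conversion this answer (and the first answer on the page) describes, as an added example that is not part of the original posts: a PEM certificate and passphrase-protected key are packed into a PKCS12 keystore with the openssl CLI, the result is checked, and the three properties are written to an owner-only file. File names, the subject, the alias and both passwords are constructed; passwords are passed through the environment rather than on the command line, where a -D argument would be visible in the process list.

```shell
#!/bin/sh
# Added example: file names, subject and both passwords are constructed.
set -eu
W=$(mktemp -d)
# openssl reads the secrets from the environment (env:VAR), so they never
# appear in argv the way -Djavax.net.ssl.keyStorePassword=... does.
export KEY_PASS='demo-key-passphrase' P12_PASS='demo-keystore-password'

# Constructed stand-in for the question's .cert/.key pair: a self-signed
# certificate whose private key is protected by a passphrase.
openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=jmeter-client-demo" \
  -passout env:KEY_PASS -keyout "$W/client.key" -out "$W/client.cert" 2>/dev/null

# pem_to_p12 <cert> <key> <out.p12> <alias>
pem_to_p12() {
  ( umask 077   # keystore readable by its owner only
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" \
      -passin env:KEY_PASS -passout env:P12_PASS -out "$3" )
}

# Print the subject of the key-bearing certificate. Fails when the keystore
# password is wrong or the keystore holds no private key.
p12_subject() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -passout env:P12_PASS \
    -nocerts 2>/dev/null | grep -q 'PRIVATE KEY' || return 1
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null \
    | openssl x509 -noout -subject
}

# Emit the three JVM properties from the answer for a given keystore path.
jmeter_ssl_properties() {
  printf 'javax.net.ssl.keyStoreType=pkcs12\n'
  printf 'javax.net.ssl.keyStore=%s\n' "$1"
  printf 'javax.net.ssl.keyStorePassword=%s\n' "$P12_PASS"
}

pem_to_p12 "$W/client.cert" "$W/client.key" "$W/client.p12" jmeter-client
p12_subject "$W/client.p12"
( umask 077; jmeter_ssl_properties "$W/client.p12" > "$W/system.properties" )
echo "wrote $W/client.p12 and $W/system.properties"
```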
We set up JMeter for performance testing over HTTPS with client certificates (via SSL Manager). It works like a charm if we run it from the GUI. But if we start distributed testing, we get a bad certificate error.
How to pass the certificates & password to the slaves?
You can configure the certificates using Java SSL System Properties
I.e. add the following lines to system.properties file on each remote slave machine:
javax.net.ssl.keyStore=certificate.p12
javax.net.ssl.keyStorePassword=secr3t
javax.net.ssl.keyStoreType=pkcs12
Amend the above values to match your settings.
JMeter restart will be required to pick the properties up.
You can also pass the values via -D command-line arguments like:
jmeter -Djavax.net.ssl.keyStore=certificate.p12 -Djavax.net.ssl.keyStorePassword=secr3t -s ...
See How to Set Your JMeter Load Test to Use Client Side Certificates article for more detailed explanation.