Jmeter- how to include external .p12 SSL certificate - jmeter

exception Jmeter throws-
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.ibm.jsse2.qc.a(qc.java:422)
at com.ibm.jsse2.qc.h(qc.java:714)
at com.ibm.jsse2.qc.a(qc.java:831)
at com.ibm.jsse2.qc.startHandshake(qc.java:828)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
at org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.connectSocket(LazySchemeSocketFactory.java:97)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328)
at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:114)
Is there any specific Java version need to be used?
Jmeter version is - 3.1

Just add the next lines to system.properties file (located in the "bin" folder of your JMeter installation)
javax.net.ssl.keyStoreType=pkcs12
javax.net.ssl.keyStore=/path/to/your/certificate.p12
javax.net.ssl.keyStorePassword=your_certificate_password_here
Another option is providing the aforementioned properties via -D command-line argument like:
jmeter -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=/path/to/your/certificate.p12 -Djavax.net.ssl.keyStorePassword=your_certificate_password_here
This is more convenient for unattended executions, i.e. using Continuous Integration servers
Restart JMeter to pick the properties up
Now JMeter will be using your client certificate for requests encryption
See How to Set Your JMeter Load Test to Use Client Side Certificates for more details.
Alternatively you can use SSL Manager, however personally I consider using system properties more convenient.

Related

Jmeter cannot find keytool application and no keystore was provided. Tried alll

Im working with Jmeter, trying to running it as a proxy, but when I start recording, I got this alert. I tried setting user.properties, but i can’t find a solution. Please, so grateful if you help me!
In order to be able to record HTTPS traffic JMeter generates special MITM certificate which needs to be installed in the browser
In order to be able to generate the certificate JMeter needs keytool command which normally lives in "bin" folder of JDK or JRE
So make sure to add the "bin" folder of your Java installation to your operating system PATH and it should resolve your issue.
Example command on Windows:
setx PATH=c:\java\bin;%PATH% && jmeter.bat
Example command on Unix and derivatives:
PATH=/opt/java/bin:$PATH && ./jmeter.sh
Replace c:\java or /opt/java with the real path to your JDK or JRE installation.
You should get something like:
if you launch JMeter from the same terminal window you will be able to start the HTTP(S) Test Script Recorder without any issues
Also be aware that there is an easier way of recording a JMeter test: JMeter Chrome Extension, in this case you won't have to worry about proxies and SSL certificates

JMeter - Add Client side Certificate and key

How can we add a client-side certificate and key to JMeter Script?
Every time I'm navigating to JMeter -> Options -> SSL Manager and browsing the Certificate and entering the password then it's only allowing me to run the script successfully, else I'm getting the forbidden error access denied.
I have tried the below steps, but still facing the same issue:
Added below lines in JMeter properties:
javax.net.ssl.keyStoreType=pkcs12
javax.net.ssl.keyStore=C:\certs\mycert.p12
javax.net.ssl.keyStorePassword=password
Tried using the JSR223 Sampler in JMeter script but still no luck.
Thanks in advance.
Forget about jmeter.properties file, any customization of JMeter Properties should be done in user.properties file or in a separate copy of jmeter.properties which needs to be passed to JMeter via -p command-line argument
In your case you're trying to change System Properties so you need to put these lines to system.properties file
JMeter restart will be required to pick the properties up
More information:
Configuring JMeter
How to Set Your JMeter Load Test to Use Client Side Certificates

Jmeter failed to download plugins repository

I need to use jmeter on a working machine without internet access. I installed Apache Jmeter 5.2.1 myself, downloaded plugins-manager.jar and put it into lib / ext directory, then restarted JMeter.
But when I try to go to Jmeter -> Options -> Plugins Manager, I see this error:
If you need add Plugins(jars) to the system without Internet Connection you have to manually download them on another system with internet connect and then you can move the jars to
Jmeter (Folder)
|->Lib (Folder)
|->ext (Folder)
Paste the Jars into the ext folder and restart the Jmeter can solve the problem.
UnknownHostException means that the Plugins Manager is not able to get the address of the plugins repository.
Most probably your machine doesn't have direct Internet connection and requires a proxy in order to reach to the external hosts.
You need to configure JMeter to use your corporate proxy address, port and in some cases username and password, it can be done in 2 ways:
Via JMeter command-line arguments like:
jmeter -E https -H my.proxy.server -P 8000 -u username -a password -N localhost
Via system.properties file (located in "bin" folder of your JMeter installation):
http.proxyHost=my.proxy.server
http.proxyPort=8080
https.proxyHost=my.proxy.server
https.proxyPort=8080
JMeter Plugins Manager respects JMeter's proxy settings so given you're able to successfully execute HTTP Request samplers you should be able to download the plugins as well.
References:
Using JMeter behind a proxy
Apache JMeter Properties Customization Guide
Plugins Manager Network Configuration -> Using Behind the Proxy

I can't get 'create-rmi-keystore.bat' to run on windows, is there a solution to this?

I am new to Jmeter 5.1.1 however I am in the process of setting up a remote testing with it.
One step I'm having trouble with is running 'create-rmi-keystore.bat' when I double click it nothing happens. I have tried to open it using the command line and get the following message.
'keytool' is not recognized as an internal or external command,
operable program or batch file.
"Copy the generated rmi_keystore.jks to jmeter/bin folder or reference it in property 'server.rmi.ssl.keystore.file'"
I don't seem to have a rmi-keystore.jks .
Has anyone managed to solve this issue?
You don't have keytool utility in your Windows PATH, all you need to do is to ensure that it's there.
Solution using Windows Command Prompt would be:
set PATH="path\to\bin\folder\of\your\JDK\or\JRE\installation";%PATH%
In general if you don't need the secure RMI communication between JMeter master and slave machines (and 99% of people don't need this as it doesn't add any value and only creates overhead in terms of CPU and RAM) you can just disable this functionality by adding the next line to user.properties file:
server.rmi.ssl.disable=true
References:
Remote hosts and RMI configuration
Apache JMeter Properties Customization Guide
If you do this on JMeter master and all the slaves you will not have to worry about the RMI keystore, but I would still recommend having the keytool in the PATH otherwise you will not be able to use HTTP(S) Test Script Recorder for recording secure traffic.

JMeter - Error when starting test plan- keytool error: proxysever.jks (access is denied)

I am following JMeter User guide to start recording my first test plan. When I click the Start button in HTTP Test Script Recorder, I got this error:
Could not create script recorder – see log for details >> keytool error:java.io.FileNotFoundException: proxyserver.jks (Access is denied)
How could I fix this error? Thanks in advance.
Background: JMeter creates a self-signed SSL certificate in order to be able to decrypt and record HTTPS requests, this proxyserver.jks is a Java Keystore which is being generated by JMeter in its "bin" folder when you start HTTP(S) Test Script Recorder proxy
Explanation: The error you are getting most probably indicates that you don't have permissions to write anything into the "bin" folder of your JMeter installation
Workarounds:
You can try launching JMeter with elevated rights (run as administrator or superuser or whoever having write access to JMeter's "bin" folder
You can change the location where JMeter tries to generate this proxyserver.jks file by adding the next line to user.properties file:
proxy.cert.directory=/path/to/folder/where/you/have/write/access
JMeter restart will be required to pick the property up.
Another option is passing the property value via -J command-line argument like
jmeter -Jproxy.cert.directory=/path/to/folder/where/you/have/write/access -n -t ....
Check out Apache JMeter Properties Customization Guide for more information regarding JMeter properties and ways of setting and overriding them
One workaround that worked for me was to start JMeter.bat from bin folder from cmd which was "run as administrator". After this, the error was gone.

Resources