How to supply puppeteer with a SSL certificate? - ssl

I am using the luminati / Brightdata proxy manager and have puppeteer connected to it locally. All of this exists within a docker-compose network that I created for local dev.
The problem I have occurs when I turn on SSL analyzing and I get the net::ERR_CERT_INVALID error from puppeteer.
Is there a way for me to just supply the .crt file to the puppeteer browser on launch so it trusts the certificate? The luminati cert can be found here https://raw.githubusercontent.com/luminati-io/luminati-proxy/master/bin/ca.crt.
I have tried supplying the chromium --ignore-certificate-errors flag, and this works on the proxy manager's end, but it does not work for logging into my target site.

Related

JMeter Recorder is not working with HTTPS

Please, before you say this has been asked on Stack Overflow: I have looked at each one of the answers and none of them work as a solution.
No matter what I do, HTTPS websites are not working with the JMeter recorder.
Using Firefox 63.03
Using JMeter 5.0
Mac OS
Here are my steps (https://www.youtube.com/watch?v=amEHuq8auTU):
1) Create New Test Plan
2) Added a thread group
3) Added HTTP(S) recorder
4) Using port 8282 (tried 8080 earlier so trying others)
5) Redirect automatically, follow redirects checked
6) Select HTTPS test script recorder for target controller
7) Add the HTTPS site (without the https)
8) Click Start
9) Getting prompted that ApacheJMeterTemporaryRootCA.crt is created
10) Triple checked that all previous ApacheJMeterTemporaryRootCA.crt are deleted in Firefox cert settings
11) Install the new certificate with the two permissions checked (identify websites, identify users)
12) Now when I go to the site that I added in step 7, I get:
jmeter SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG in the browser.
When I check the jmeter logs:
I get:
2018-11-23 13:14:48,287 INFO o.a.j.p.h.p.Proxy: [50795] KeyStore for SSL loaded OK and put host 'blue.mysite.com' in map with key (blue.mysite.com)
2018-11-23 13:14:48,308 INFO o.a.j.p.h.s.h.LazyLayeredConnectionSocketFactory: Setting up HTTPS TrustAll Socket Factory
2018-11-23 13:14:48,313 INFO o.a.j.u.JsseSSLManager: Using default SSL protocol: TLS
2018-11-23 13:14:48,313 INFO o.a.j.u.JsseSSLManager: SSL session context: per-thread
2018-11-23 13:14:48,326 INFO o.a.j.u.SSLManager: JmeterKeyStore Location: type JKS
2018-11-23 13:14:48,326 INFO o.a.j.u.SSLManager: KeyStore created OK
2018-11-23 13:14:48,327 WARN o.a.j.u.SSLManager: Keystore file not found, loading empty keystore
2018-11-23 13:14:49,606 INFO o.a.j.p.h.p.Proxy: [50788] KeyStore for SSL loaded OK and put host 'www.google.com' in map with key (www.google.com)
2018-11-23 13:14:49,613 WARN o.a.j.p.h.p.Proxy: [50788] Problem with SSL certificate for url for 'www.google.com'? Ensure browser is set to accept the JMeter proxy cert: readHandshakeRecord
2018-11-23 13:14:49,613 WARN o.a.j.p.h.p.Proxy: [50790] Problem with SSL certificate for url for 'www.google.com'? Ensure browser is set to accept the JMeter proxy cert: readHandshakeRecord
2018-11-23 13:14:49,613 WARN o.a.j.p.h.p.Proxy: [50789] Problem with SSL certificate for url for 'www.google.com'? Ensure browser is set to accept the JMeter proxy cert: readHandshakeRecord
2018-11-23 13:14:56,059 INFO o.a.j.p.h.p.ProxyControl: [50805] Creating entry getpocket.cdn.mozilla.net in /usr/local/Cellar/jmeter/5.0/libexec/bin/proxyserver.jks
2018-11-23 13:14:59,048 INFO o.a.j.p.h.p.Proxy: [50805] KeyStore for SSL loaded OK and put host 'getpocket.cdn.mozilla.net' in map with key (getpocket.cdn.mozilla.net)
2018-11-23 13:14:59,184 ERROR o.a.j.p.h.p.Proxy:
javax.net.ssl.SSLProtocolException: Broken pipe (Write failed)
I have done this a lot of times and have played around with settings. Nothing seems to work. I even switched the url to 'https://yahoo.com' and to another personal site 'https://lawyeranalytix.com' thinking maybe the site I am trying to test has a flawed SSL implementation but it is the same with any SSL enabled site.
There seems to be an issue between the JMeter proxy recorder and TLS 1.4. I solved the issue by limiting the Firefox TLS version to 1.3.
To do this:
Go to about:config in Firefox
Set security.tls.version.fallback-limit and security.tls.version.max to 3.
Then I was able to record as expected.
Try downgrading to Oracle Java JDK 10; it solved the problem for me.
For further reference:
https://support.portswigger.net/customer/portal/questions/17434431-gettin-error-code-ssl-error-rx-record-too-long
EDIT: or use OpenJDK 8
Problem with SSL certificate for url for 'www.google.com'? Ensure browser is set to accept the JMeter proxy cert
It appears that you failed to install JMeter's certificate to Firefox.
Try clearing your Firefox history and make sure to delete everything from the beginning of time - this will include custom certificates. Restart Firefox once done.
Check out the following materials:
HTTPS recording and certificates chapter of the HTTP(S) Test Script Recorder user manual chapter
Recording HTTPS Traffic with JMeter's Proxy Server
Also be aware of the alternative ways of recording a JMeter test:
JMeter Chrome Extension
Using Badboy with JMeter
Remove the expired certificate.
Import new certificate from bin folder.
Verify certificate date is valid.
Then you will be able to work with HTTPS.

Lets encrypt SSL in Ubuntu 16 apache server returns 404 error

I have a DigitalOcean droplet where I have hosted a Laravel application App Url. I have added SSL using Tutorial Link. But when I run the application over HTTPS it returns a 404 page not found error. Can anyone check the issue? The config file (assamgas.tk.conf) is below.
I'm seeing two things wrong here.
1) The web server is not redirecting to port 443 (SSL/HTTPS)
2) The certificate is not present.
I could not find any certs through HTTPS on your server.
I suggest running through the tutorial again, or try this DigitalOcean tutorial.
Don't generate too many production certificates while you test; rather, use the Let's Encrypt staging server for your testing. When you get the self-signed certificate, then you switch over to the production server for Let's Encrypt, otherwise you will get rate limited for a week.

Download build files from Nexus, certificate error when running wget, but succeed with browser (Firefox, Chrome)

I've already purchased the SSL certificate from DigiCert and installed it into my Nexus server (running in Tomcat, JKS).
It works well in Firefox and Chrome (a green address bar indicates that a valid certificate was received), and builds can be downloaded from the Nexus web UI too.
But wget could not get the result without --no-check-certificate.
I get something like:
ERROR: cannot verify mydomain.com's certificate, issued by `/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3':
Unable to locally verify the issuer's authority.
To connect to mydomain.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
I found some related questions:
SSL connection fails with wget, curl, but succeed with firefox and lynx
linux wget not certified?
But neither of them gives a final solution. I want to know whether there are some (special) configurations needed on Nexus, or whether this is a bug in the wget command.
Google returns many results about "digitcert wget", but I cannot find a clue either. Thank you!
You need to add the DigiCert root certificate to a store accessible by wget:
http://wiki.openwrt.org/doc/howto/wget-ssl-certs

Tomcat - enabling two-way SSL

I am using Windows XP and running Tomcat 6.
I am trying to enable SSL on Tomcat. First, I tried it with client authentication.
It didn't work, so I configured it to work without client authentication.
I have the certificate installed on the Tomcat server, and also the CA certificate installed in the browsers (IE & Firefox).
It still doesn't work.
In IE the server doesn't throw any exception except for EOFException.
In Firefox it throws SSLHandshakeException: Remote host close the connection.
Can anyone help?
Thanks.
The SSL configuration as provided in the comments is highly suspect - particularly the keyStorePass attribute. I suggest you work from the Tomcat SSL docs and proceed in the following order:
Get https working from a browser with a self-signed certificate
Then get it working with a proper certificate
Then try and add client certificate authentication
This does all work. It is tested as part of the Servlet TCK and every Tomcat release passes the TCK.

SSL installed but no lock

I have OpenSSL installed on the server, along with the key, CSR and CRT. I configured the Apache conf with the correct paths for the key and cert, but I don't see a lock in the URL bar (Firefox 3.6.2). In Chrome it shows https crossed out in red. Does this mean the certificate is not working properly? I have apache2 as the web server.
TLS provides both encryption and authentication.
Encryption means that outsiders are unable to read your traffic.
Authentication means that you are confident of the identity of the host you are communicating with.
If Chrome crosses out the https, it means that you are using TLS, and you have probably set up encryption properly, but Chrome is not confident in the authentication of the server. Typically, this is caused by an untrusted certificate; either the subject does not match, or the CA is not trusted.
If you are using a self-signed cert, then it's probably an untrusted CA. Installing the CA into Chrome should fix the problem.
I faced the same problem some time ago: I had installed the SSL certificate successfully but the browser still showed a cross in the address bar. I found the issue was caused by an image and a JavaScript file which were included with absolute HTTP URLs. I changed the absolute URLs to relative ones, and now both files load over HTTPS and the browser shows the green bar.