P12 certificate file is needed to execute testcase. I set it in JMeter in Options -> SSL Manager. It asks for password when testcase is executed, but it is working just until JMeter is restarted. After that I have to provide it again in SSL Manager.
Add the next lines to system.properties file (lives under "bin" folder of your JMeter installation)
javax.net.ssl.keyStoreType=pkcs12
javax.net.ssl.keyStore=/path/to/certificate.p12
javax.net.ssl.keyStorePassword=certificate_password
JMeter restart will be required to pick the properties up
Alternatively you can pass the aforementioned properties to JMeter startup script via -D command-line arguments like:
jmeter -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=/path/to/certificate.p12 -Djavax.net.ssl.keyStorePassword=certificate_password
References:
Configuring JMeter
Overriding Properties Via The Command Line
How to Set Your JMeter Load Test to Use Client Side Certificates
Set in system.properties:
javax.net.ssl.keyStorePassword=password of file
javax.net.ssl.keyStore=path to file
Related
I am running a JMS point to point sampler for TIBCO EMS queue testing. I have added all the tibco ems jars to jmeter lib folder. Configured the queue details, context factory, user credentials in JMS sampler.
When hitting the TIBCO ems with tcp request for queue, it is working. But while hitting with SSL url it is failing to connect.
I tried below way to attach the Self signed certificate given by tibco team
added the .pem file (only begin and end certificate) to JAVA JDK cacerts file and opened Jmeter in command line with -Djavax.net.ssl.keystore=cacerts with password. The SSL request failed to connect with tibco ems server
extracted the certificate from server through openssl -connect commands, copied the begin & end certificate sections to .cer file and used keytool to add them to trustore. Started jmeter with this truststore. the JMS sampler still failed.
I understand the SSL certificate is not getting attached with JMS sampler when we are running it. Can some one help out with steps to successfully attached the SSL certificate to the JMS request.enter image description here
Looking into Configuring EMS over SSL on Application Servers I think you need to provide the following Java System properties:
com.tibco.tibjms.naming.security_protocol=ssl
jsse.providerClass=com.ibm.jsse2.IBMJSSEProvider2
com.tibco.tibjms.ssl.expected_hostname=xxxx
com.tibco.tibjms.ssl.enable_verify_host_name=false
com.tibco.tibjms.ssl.enable_verify_host=false
com.tibco.tibjms.ssl.trusted=/path/to/your/certificate.pem
The properties can either be put into system.properties file (lives in "bin" folder of your JMeter installation) or passed via -D command-line arguments like:
jmeter -Dcom.tibco.tibjms.naming.security_protocol=ssl -Djsse.providerClass=com.ibm.jsse2.IBMJSSEProvider2 ....
References:
Java Secure Socket Extension (JSSE) Reference Guide
TibjmsContext
TibjmsSSL
Apache JMeter Properties Customization Guide
Overriding Properties Via The Command Line
I am working on setting up ssl to secure my end points. I got a test certificate created from my org
I have recieved a .pfx file
I converted it into .pem -----> .der -------> .jks format
We have basic infrastructure to put this .jks file in a folder called ssl and it gets picked up just by using a confg file.
Next I set up Jmeter to test this. Steps Followed
set up a test recorder --> set up an http get request that takes no parameters
2.changed protocol to https ---> given port no ---> set up host and path. This is correct as I have tested it with http and it returns fine.
Now when I try to test it I get an error Certificate_Unknown error.
I have tried searching the internet and StackFlow articles about testing SSL. I also stumbled upon an article which says I need to add the certificate to my java_home cacerts. I havenot been able to successfully test it. Any pointers to what I might be doing wrong or if I could test it in some other way would be very helpful.
I am comparatively new to SSL concepts and just learnt about formats, ssl etc.
Thanks in advance. :)
You don't need to convert .pfx file into .jks as .pfx files are basically PKCS 12 certificates and JMeter supports them out of the box
I fail to see where you "tell" JMeter to use the certificate. If your " basic infrastructure to put this .jks file in a folder called ssl and it gets picked up just by using a confg file" stanza is related to JMeter - you should address this question to the "infrastructure" providers. Otherwise you need to explicitly configure JMeter to use the certificate. Just add the next lines to system.properties file:
javax.net.ssl.keyStoreType=pkcs12
javax.net.ssl.keyStore=/path/to/certificate.pfx
javax.net.ssl.keyStorePassword=your certificate password
JMeter restart will be required to pick the properties up.
i have put in /u01/app/oracle/product/fmw/wlserver_10.3/server/lib/
2 files:
-trust.jks
-identity.jks
Then i have changed on Webblogic console, for Admin and managed servers,
the PATH to:
-Custom Identity Keystore
-Custom Trust Keystore
All looks good.
After weblogic restarts all servers are running, but
when i run this command on terminal ps -eaf|grep weblogic
i see this line:
-Djavax.net.ssl.trustStore=/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/DemoTrust.jks
As a result no one of my online interfaces are connecting.
I get the following error:
BEA-382513<con:reason>OSB Replace action failed updating variable "body": {err}FORG0005: expected exactly one item, got 0 items</con:reason>
Can someone help me to correct the path for my Servers so that it would look for trust.jks and not the DemoTrust.jks?
The way to fix this is by setting the flag on "SSL Listen Port Enabled"
thet can be found
Home >Summary of Environment >Summary of Servers >AdminServer -> Configuration/General.
After this we need to go to this view:
Home>Summary of Environment >Summary of Servers >AdminServer >Summary of Servers->Control
Select AdminServer and Click on Restart SSL.
To see if changes bin done we need to execute the command:
ps -eaf|grep weblogic
and look for
-Djavax.net.ssl.trustStore=/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/**trust.jks**
If the end has the trust key file,in my case i called it trust.jks, then the change was performed successfully.
I'm the newbee to the jmeter. I want to run same REst xml test cases run by the soapui. I need to know to do user/password configuration and tomcat keystore configuration for ssl enabled(https) request. Any help appreciated.
If you want to configure HTTP Basic authentication with JMeter, you can add in your thread group HTTP Authorization Manager element, if you select this element you can see the baseUrl, user and password fields, fill it with your server data.
To configure SSL to provide a client certificate to authenticate with JMeter, you can use KeyStore Configuration element. You need to generate a JKS keystore with your client keys, then add this java options to the java call to start your JMeter : -Djavax.net.ssl.keyStore=path_to_keystore -Djavax.net.ssl.keyStorePassword=password_of_keystore in order to reference your keystore. Then to use this keystore you only have to configure Alias start index and Alias end index in KeyStore Configuration element (if your keystore contains only 1 key you can put 0on both parameters).
Here there is the JMeter user's guide to KeyStore Configuration and HTTP Authoritzation manager.
Hope this helps,
I have osgi bundle which route message from webservice to remote ejb (on glassfish) by use of camel routing. In order to access remote jndi I need to set up truststore. How can I do that? Is it any configuration in camel route or I have to do it by system properties?
Without seeing your route, Have you tried the camel JSSE Utility?
you could try putting the following properties in the system.properties file within the etc folder:
javax.net.ssl.keyStore=<keystore location>
javax.net.ssl.keyStorePassword=<keystore password>
javax.net.ssl.trustStore=<truststore location>
javax.net.ssl.trustStorePassword=<truststore password>