I try to add a p12 file to JMeter 3.3 configuration to reach a site.
I added following lines to system.properties file:
javax.net.ssl.keyStoreType=pkcs12
javax.net.ssl.keyStore=C:\certs\mycert.p12
javax.net.ssl.keyStorePassword=mypassword
After that I restarted JMeter, but got the same error, javax.net.ssl.SSLHandshakeException. I converted p12 file with keytool to jks and added the following lines to same file by replacing previous ones.
javax.net.ssl.keyStore=C:\certs\mycert.jks
javax.net.ssl.keyStorePassword=mypassword
Error message is the same in this case too:
Response code: Non HTTP response code:
javax.net.ssl.SSLHandshakeException Response message: Non HTTP
response message: Received fatal alert: handshake_failure
I use HTTP Client 4 as implementation for HTTP Samplers. When I import same certificate to browser, it is working correctly.
I tried to follow this tutorial too: How to configure JMeter to use client side SSL
You can use Options -> SSL Manager option, where you can select your .p12 file to be used in current Test plan.
Related
I've try to apply my CA certificate to Solr. I've already reach solr with http or self-signed certificate following their own recipe in there: enabling ssl
But, when I try to apply my CA certificate I take an error : "HTTP ERROR 404 javax.servlet.UnavailableException: Error processing the request. CoreContainer is either not initialized or shutting down."
Full error message that I've take on browser
My solr.in.sh config is:
SOLR_SSL_ENABLED=true
SOLR_SSL_KEY_STORE=/etc/default/mykeystore
SOLR_SSL_KEY_STORE_PASSWORD=********
SOLR_SSL_TRUST_STORE=/etc/default/mykeystore
SOLR_SSL_TRUST_STORE_PASSWORD=********
SOLR_SSL_NEED_CLIENT_AUTH=false
# SOLR_SSL_WANT_CLIENT_AUTH=false
#SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=true
SOLR_SSL_CHECK_PEER_NAME=false
SOLR_SSL_KEY_STORE_TYPE=JKS
SOLR_SSL_TRUST_STORE_TYPE=JKS
I followed this two link for convert my pem file to key store: first:1 then:2 (I applied just fourth step in second link) then named the file as mykeystore.
I tried a lot of solution which some of them in stackoverflow. But none of them are my answer. Any help, any idea can be very useful. I'm totally stuck. What can I do/check?
I am getting below certification error while i am trying to call any API https://:8243/ from a react based frontend application. I have defined my rest API in wso2 EI 6.3. I am not using wso2 APIM.
What i did to resolve this issue:
1. I created a new self signed certificate and created a new key store. Updated carbon.xml, axis2.xml file. Restart the server. I am able to see my certificate in wso2 Ei GUI.
2. I accepted the certificate in browser.
But still i am not able to get rid of this error.
Is this error coming due to self signed certificate? If i will be using any CA signed certificate then this issue will not be there?
Any help or pointer is highly appreciated.
[2020-04-07 08:54:48,841] [-1] [] [HTTPS-Listener I/O dispatcher-2] ERROR {org.apache.synapse.transport.passthru.SourceHandler} - I/O error: Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:245)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:280)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:748)
BR//
Vipin Nirwal
I was able to resolve this issue. I followed the below steps.
I created a self CA first. Then created a certificate signed by my own CA. Import the root certificate of my CA into the browser As this CA needs to be trusted by browser.
After this update carbon.xml, files inside axis2 directory and catalina-server.xml file with proper jks file and password for keystores.
Restarted the server.
You can try to debug it yourself by enabling SSL debug logs in the EI server. In the SSL logs, you can check whether the client certificate and the server certificate is matching. Have a look at the following blog.
https://medium.com/#nipunadilhara/enabling-ssl-debug-logs-for-wso2-products-30833d5de88e
I am getting
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
while calling identity server endpoint from enterprise integrator, although we have generated the SSL certificate and it is imported in the truststore.jks but still getting this error.
While testing the connection it says Successfully connected to identity server but while calling the endpoint it gives SSL exception on the console.
Message = Going to send Request to IS.,MessageCode = null,ErrorMessage = null,ErrorDetail = null,ErrorException = null {org.apache.synapse.mediators.builtin.LogMediator}
TID: [-1] [] [2017-11-07 07:14:54,841] ERROR {org.apache.synapse.transport.passthru.TargetHandler} - I/O error: Received fatal alert: certificate_unknown {org.apache.synapse.transport.passthru.TargetHandler}
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
Try setting the truststore manually. Open wso2ei-6.1.1/bin/integrator.sh and add javax.net.ssl.trustStore like this.
-Dorg.wso2.ignoreHostnameVerification=true \
-Djavax.net.ssl.trustStore="$CARBON_HOME/repository/resources/security/client-truststore.jks"
org.wso2.carbon.bootstrap.Bootstrap $*
status=$?
done
I hope you found the issue. I faced the same problem some days ago, so I'm writing the solution for the record.
To solve this you need to import each product certificate in the truststore of the other.
Go to WSO2 EI and extract the certificate from wso2carbon.jks
Add the certificate to the client-truststore.jks file in the WSO2
IS
Go to WSO2 IS and extract the certificate from wso2carbon.jks
Add the certificate to the client-truststore.jks file in the WSO2
EI
We faced the same problem, when WSO2 IS version was prior to v5.4.0, but instead of extracting the certificate from wso2carbon.jks as Gabriel said, we extracted the certificates from the browser, opening the carbon console on both WSO2 EI and WSO2 IS. For some reason, the localhost certificate returned in the browser is different than the one stored in the wso2carbon.jks for WSO2 EI (tested on version 6.1.0 and 6.1.1). One reason could be that it's returning the localhost certificate from the JVM's keystore. That's why it's better to get it from the browser.
Open in browser https://localhost:9443/carbon of WOS2 IS. (Firefox: Click on locker in the address bar -> Connection -> details -> More Information -> Security tab -> view Certificate -> Details tab -> Export... -> save as X.509 Certificate (PEM); Chrome: click on Not Secure warning in address bar -> Certificate -> Details tab -> Copy to File ... -> Next -> Select the format -> Base-64 encoded X.509 (.CER) -> Next ...)
Import the certificate into {WSO2_IS_HOME}/repository/resources/security/client-truststore.jks. Eventually use KeyStore Explorer tool for easier way.
Open in browser https://localhost:9444/carbon of WOS2 IS (we have offset 1 for WSO2 IS) and do the same as at point 1.
Import the certificate into {WSO2_EI_HOME}/repository/resources/security/client-truststore.jks.
Need your help in setting the SSL manager in Jmeter for performance testing with IBM datapower.
I tried the below steps to Add cert.
• Added (* .jks /*.p12 ) file in the jmeter GUI > Options > SSL Manager.
• I tried the setting the jks file in system.properties file too.
Path : *\jMETER\apache-jmeter-3.0\apache-jmeter-3.0\bin\system.properties
# Truststore properties (trusted certificates)
#javax.net.ssl.trustStore=/path/to/[jsse]cacerts
#javax.net.ssl.trustStorePassword
#javax.net.ssl.trustStoreProvider
#javax.net.ssl.trustStoreType [default = KeyStore.getDefaultType()]
# Keystore properties (client certificates)
# Location
javax.net.ssl.keyStore=****.jks -- Added
#
#The password to your keystore
javax.net.ssl.keyStorePassword=****-- Added
#
#javax.net.ssl.keyStoreProvider
#javax.net.ssl.keyStoreType [default = KeyStore.getDefaultType()]
I dont see the SSL handshake jMETER and datapower even after i followed ablove steps. Getting below error from datapower.
12:47:26 AM ssl error 51751363 10.123.98.73 0x806000ca valcred (###_CVC_Reverse_Server): SSL Proxy Profile '###_SSLPP_Reverse_Server': connection error: peer did not send a certificate
12:47:26 AM mpgw error 51751363 10.123.98.73 0x80e00161 source-https (###_HTTPS_FSH_CON_****): Request processing failed: Connection terminated before request headers read because of the connection error occurs, from URL: 10.123.98.73:58394
12:47:26 AM ssl error 51751363 10.123.98.73 0x8120002f sslproxy (####_SSLPP_Reverse_Server): SSL library error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
Can you please advice how to send the cert(.jks/ .p12) file from jmeter.
Change "Implementation" of your HTTP Request sampler(s) to Java. The fastest and the easiest way of doing this is using HTTP Request Defaults.
If you're using .p12 keystores you will need an extra line in the system.properties file like:
javax.net.ssl.keyStoreType=pkcs12
JMeter restart is required to pick the properties up.
See How to Set Your JMeter Load Test to Use Client Side Certificates article for more information.
I am receiving the following error while trying to connect my REST webservice using HTTP adapter in IBM Mobile First:
"errors": [
"Runtime: Http request failed: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
I am passing the user id and password in a base64 encoded format in the headers section of my input.
How do I resolve this error?
Yoel's answer got me on track: your adapter is doing an SSL request to a server that is not trusted by the keystore in your MobileFirst server.
You need to import in your server's keystore the certificate chain of the server that you are trying to reach. What I did was
From Firefox, export the certificate chain in PEM format (.crt extension).
In the server/conf folder of your project, import the certificate chain file. If you are using the defaults form the worklight.properties file, this will do it:
keytool --import -keystore default.keystore -storepass worklight -file remoteServer.crt
This bizarre message means that the truststore you specified was not
found, or couldn't be opened due to access permissions for example.
Quote from: Error - trustAnchors parameter must be non-empty
Author: #EJP
Similar question:
got java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty when using cas