When I was working on facebook.com to recorded the login process using jmeter, then I came across the following error message. what should we do in such condition in order to surpass this step and directly gets login into the facebook application using the proxy server setting for the recording purpose.
The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issue)
As per Recording HTTPS Traffic with JMeter's Proxy Server I believe that it'll be quite enough to clear your browser history.
Related
I am having some trouble and need some help. I am trying to connect a website to authenticate to Active Directory through LDAP using DNN.ActiveDirectory, but I can only get the "Check Root Domain" portion to pass. Using ldp.exe on the server I am able to connect to the domain controller and query the users on it with the same user name and password I am trying to use with the plugin, and even using my domain admin account makes no difference. I have tried it with every authentication type, changing the root domain (only way that would get the check root domain to pass is the LDAP://domain.local), with/without the domain in front of the username, and with/without the default domain filled out.
I don't have access to the error logs at the moment since I am not at that office yet, so I will get those posted when I can. If I remember correctly the error being logged was an authentication error. LDAP initially wasn't configured on the domain controller so I had to set that up, and admittedly I am not too familiar with it so I followed this guide: https://techcommunity.microsoft.com/t5/sql-server-blog/step-by-step-guide-to-setup-ldaps-on-windows-server/ba-p/385362. I am using the default ports. I stopped before setting up LDAPS, but when I couldn't get that to work I continued through up to the signing the certificate part. I was working on getting the certificate signed when I came across notes that DNN.ActiveDirectory doesn't support LDAPS. My tests with successful connections using ldp.exe were all against port 389. Are there some extra configurations that are needed to get DNN.ActiveDirectory working that weren't covered in that guide, or any common snags I should be aware of?
DNN.ActiveDirectory has not been maintained for a while, and does not support LDAPS afaik - see Checking Root Domain step fails.
My recommendation is to have a look at AD-Pro Authentication.
Can anyone shet some light on how I can debug the matching of certificates configured in Postman?
Problem:
I’m trying to connect to a REST service using a SSL client certificate. I configured it in the settings tab the same way as in set-and-view-ssl-certificates-with-postman
When checking the console I don’t see the certificate being sent and get failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:1494:SSL alert number 40
Context:
Postman v 6.4.2 running on windows 10
(for security reasons some information below replaced by dummy info)
Using the same certificate/key/password I can setup a connection using openssl. (checked for validity of certificates, TSL v1.1 and v1.2 supported, no SNI issues)
The server certificate is signed by a trusted CA (I tested with both --SSL certificate verification-- on and off )
In the Postman console I dont see the certifciate being sent.
---- [console output] ----
GET https://somehost:443/somepath?someparameter=9076443&somedate=2017-02-17T00:00:00.000
Error: write EPROTO 101057795:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:1494:SSL alert number 40 101057795:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s3_pkt.c:659:
Request Headers:
appid:“42”
cache-control:“no-cache”
ipaddress:“192.68.1.1”
postman-token:“some-token”
role:“Applicatie”
userid:“6x9”
---- [end console output] ----
image of certificate configuration
I matched, matched and rematched the hostname
A search on the interweb did not learn me anything I did not try yet…
Questions
Is there any debug option that will show the way the certificates are matched
is there any way I can force postman to pick a configured certificate
any other ideas on how to proceed on this problem
any help appreciated
Additional info
Monitoring with wireshark shows no certificate is sent.
(Postman console did not show a certificate being sent. I assume from examples that it will log which certificates it will/does send for a given request)
snippet wireshark output
Postman app in chrome
it does work from chrome, using the chrome keystore
Using the pk12 form of the same key (original postman request uses the .cer form) imported into the chrome keystore, the requests work.
Chrome app will not do
Obvious question is: “why not keep using the chrome app”
because its depricated and we use the newer 6.x test functions not supported in version 5.x
Question posted on Postman help forum with no answer about a week ago:
OP on postman helpforum
Additional additional info
It works on newman
I had same issue when I typed path to CRT and KEY files instead of using file dialog.
Just click Choose File button instead of pasting file path when adding certificate.
If you can download postman app then there is an option under preference/certificate and under there is an option 'Client Certificate'.
You need to provide both .cert and .key file into respective section, provide host name and key password if any. Click "save". next time you send a request matching hostname , postman app will send the certificate along with the way. You can validate in console output.
I am using Runscope only for a short time now however it seems pretty straight forward. I have had no problem with other APIs, however for this current one I am having problems.
The error I am getting is the following:
Error contacting host SSL: certificate is valid for *.hostgator.com,
hostgator.com, not NflArrest.com To turn off SSL verification for
this test, change your test's behavior settings, see
https://www.runscope.com/docs/api-testing/behaviors for more details
From the documentation I read here:
SSL Certificate Verification
By default, Runscope will only relay responses if the SSL certificate from the upstream API provider is valid and trusted. To bypass this protection (for instance if you're using a self-signed certificate) on a per-bucket basis, select Bucket Settings in the left sidebar and deselect the option to 'Verify SSL Certificates'.
I have done that so to my knowledge it should work. However I still get the same error. The API documentation I am using can be found here.
Test's don't use the bucket setting, that's just for Gateway URLs/Traffic Inspector. To disable SSL verification in your test, expand the "Environment" section at the top of the test editor, select "Behaviors" and untoggle it there.
I have been trying to resolve this for some time now. I tried googling for this problem but didn't manage to find anything. All the questions I found were about replaying already recorded HTTPS requests.
So, I need to record HTTPS requests on a site protected with simple authentication (the pop-up window asking for username and password).
And this is where I get stuck. I enter correct login details and confirm it, nothing happens and in a second i get prompted to enter login details again, no error message nothing. When I press ESC I get 401 UNAUTHORIZED error.
Basically the site is acting as if the login details were incorrect when in fact I tried the same login details without Jmeter's proxy and the server accepted it.
What I tried:
1) Logging into this site without JMeter's proxy - works without problem
2) Recording different HTTPS site with JMeter's proxy - I tried my email and that works correctly as well
I should also mention that I am behind a company proxy, but I tried it at home and the result was same.
As for JMeter configuration, I am using everything on default having:
Thread Group
HTTP Cache Manager
HTTP Cookie Manager
HTTP Request Defaults
Recording Controller
HTTP(S) Test Script Recorder
Guessing the Thread Group doesn't really matter since I don't run any tests, only recording.
Additional Details:
Server:IIS
Logging into sharepoint website
EDIT:
Forgot to mention I tried already Blazemeter Extension, but when i try to record the logging session, it just freezes. Website hangs on trying to contact Blazemeter Cloud and Blazemeter plugin freezes, making it imposssible to stop recording and having to restart whole browser.
Also just noticed that when I am already logged in and try to access the site it records it without any issue. So it's only the login which is problematic for some reason.
JMeter removes cookies and authorization headers while recording.
You can use JMeter Chrome Extension as an alternate way of recording your test scenario.
In order to properly replay the recorded script you'll need to add HTTP Authorization Manager to it .
Sharepoint can have different authentication types, i.e.
Basic HTTP Authentication
Windows Integrated Authentication (NTLM)
Kerberos
See Windows Authentication with Apache JMeter guide to learn how to bypass each authentication challenge in your JMeter test.
So I was able to finally resolve this. The issue lied in sharepoint authentication. I was logged in a domain with my personal account, but was trying to access the sharepoint using a different account.
Sharepoint ignored the login details I was prompted to enter and used mw domain credentials instead. So the answer for me was to access the sharepoint website while being logged into domain(windows) with the same account.
I am trying to implement the Apache authentication through PKI digital certificates stored on token / smart card.
I'm using XAMPP 5.6.8.0-VC11 on a Windows 7 computer.
Following what I found searching the internet, I uncommented the following settings httpd-ssl.conf file in the Apache configuration:
SSLVerifyClient require
SSLVerifyDepth 10
From there, access to https: // localhost, the browser (IE 11, Chrome 43 and FF 38) display the digital certificate of the screen (use an e-CPF in standard ICP-Brazil, stored in token) and requests the password.
After entering the password and press ENTER, the behavior in browsers is as follows:
In IE, I is shown a page with the message "This page can not be displayed".
In FF, is loading the page indefinitely.
In Chrome, you see the message "Authentication based on certificate failed" ERR_BAD_SSL_CLIENT_AUTH_CERT and clicking on "details" appears:
"This server requires a certificate for authentication and did not accept the one sent by the browser. Your certificate may have expired or the server does not trust the issuer. Try again with a different certificate, if you have one, or you must obtain a certificate valid from somewhere else. "
Already tested several additional settings I found on the internet, but nothing works.
I have also changed the Windows Internet options regarding SSL and TSL, also successful.
I would like to figure out how to implement authentication with digital certificates for a more secure login system that esté in development.
Has anyone experienced this or know how to solve the issue?