Search code examples
javajmeterkeystorebeanshelljks

JMeter - Setting javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword based on application environment

We have 2 environments and for each we have a certificate PFX file. I tried to import these 2 certs to make one JKS/P12 file and tried to access cert based on alias name. Though I can see 2 entries using the command keytool -list -v -keystore "C:/yyyyy/xxxx.jks" -storepass "kdjfkdjfkdjf" > "C:/KeyStoreContents.txt", I am unable to access any of the cert and seeing the error 'alias not found'.

I there a way to set the values of javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword based on application environment?

I tried to set them in beanshell pre-processor with:

System.setProperty("javax.net.ssl.keyStore","C:/yyyyy/" + pOneTwoName + ".p12");
System.setProperty("javax.net.ssl.keyStorePassword", pOneTwoPwd);

It didn't work as well.

I also tried ${__P(javax.net.ssl.keyStore, C:/yyyyyy/QA.p12)} and ${__setProperty(javax.net.ssl.keyStore, C:/yyyyyy/QA.p12)} and none of the above worked.

Is there a way to load these values dynamically before Keystore Configuration element gets executed?

Solution

  • I am able to solve this issue with the below steps:

    1. Get all the certs(pfx) for the application environments
    2. Optional: Change the extension of the files to p12

    3. Set a meaningful alias names to these certs with the below command:

      keytool -changealias -alias "ExistingAliasName" -destalias "AppName_Environment" -keystore "C:\JKS\AppName_environment.p12" -storepass "StorePassword"

      Notes for step 3:

      a. It might ask to enter keypass and we can enter the store pass

      b. Even we provide upper case in alias name, the text will be converted to lower case and will be set as alias name

      c. Here I followed this alias naming convention: application name_environment name as mentioned in JMeter

    4. Import the certs into a JKS file and we can set any password to JKS and need not be same as cert. See the below command:

      keytool -importkeystore -srckeystore "C:\ JKS\ AppName _ Environment.p12" -srcstoretype pkcs12 -srcstorepass "SourceStorePasword” -destkeystore "C:\HomesiteJKS\BungalowFinal.jks" -deststoretype JKS -storepass "JKSPassword"

    5. Repeat the above step for all the remaining certs by changing the required parameter values

    6. Once we have the final JKS, we can start changing password for each of the cert in JKS and make it same as JKS(keystore) password. See the below command:

      keytool -keypasswd -alias " AppName_Environment" -keystore “C:\JKS\Final.jks"

      Note for step 6: It will ask you to enter keystore password, existing cert password, new password and repeat new password

    7. Repeat this step for all the cert entries of JKS file to have JKS password for all the certs

    8. Now we can use this file and add below entries in system.properties of JMeter: javax.net.ssl.keyStore=C:/JKS/Final.jks

      javax.net.ssl.keyStorePassword=JKSPassword

    9. Add the below entry either in user.properties or jmeter.properties of JMeter, which will allow us to use multiple certs from JKS file:

      https.use.cached.ssl.context=false

    10. Change Http Request implementation to HttpClient4

    11. Add Keystore configuration element to JMeter test with the below values:

      a. Preload: True

      b. Variable name holding certificate alias: CertAlias

      c. Alias Start index: 0

      d. Alias End index: 10000

    12. JMeter user defined variables must have CertAlias with the required alias name
    13. All set and we should be able to run the script on different application environments by loading particular cert with alias name