Search code examples
ssljmeterssl-certificateload-testingkeystore

Need to use both client and server side certificates in JMeter to hit a POST request for SSL Connection

I have a scenario where I need to hit a POST Request in JMEter with Server side certificate (certificate.ca.crt) and Client side certificates with (client.pem and private.key) for SSL Connection.

I have configured these certificates with POSTMAN and it's working fine but in JMeter I am new and I don't know how to do it?

I have done one thing so far in JMeter after some research. I have executed following command to make a .p12 format file

openssl pkcs12 -export -out certificates.p12 -inkey private.key -in certificate.ca.crt -in client.pem

and then I placed the certificates.p12 under bin directory of JMeter and added following properties in system.properties on JMeter's bin directory

javax.net.ssl.keyStoreType=pkcs12    
javax.net.ssl.keyStore=certificates.p12
javax.net.ssl.keyStorePassword=password

https.keyStoreStartIndex=0
https.keyStoreEndIndex=1

After doing this when I execute my API from JMeter, I am getting following error,

ava.lang.IllegalArgumentException: Could not create keystore: pkcs12     not found
    at org.apache.jmeter.util.SSLManager.getKeyStore(SSLManager.java:126)
    at org.apache.jmeter.util.JsseSSLManager.createContext(JsseSSLManager.java:214)
    at org.apache.jmeter.util.JsseSSLManager.getContext(JsseSSLManager.java:176)
    at org.apache.jmeter.util.HttpSSLProtocolSocketFactory.getSSLSocketFactory(HttpSSLProtocolSocketFactory.java:113)
    at org.apache.jmeter.util.HttpSSLProtocolSocketFactory.createSocket(HttpSSLProtocolSocketFactory.java:180)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:393)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
    at org.apache.jmeter.protocol.http.sampler.hc.LazyLayeredConnectionSocketFactory.connectSocket(LazyLayeredConnectionSocketFactory.java:92)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl$JMeterDefaultHttpClientConnectionOperator.connect(HTTPHC4Impl.java:326)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:850)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:561)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:67)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1282)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1271)
    at org.apache.jmeter.threads.JMeterThread.doSampling(JMeterThread.java:627)
    at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:551)
    at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:490)
    at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:257)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.KeyStoreException: pkcs12     not found
    at java.security.KeyStore.getInstance(KeyStore.java:851)
    at org.apache.jmeter.util.keystore.JmeterKeyStore.<init>(JmeterKeyStore.java:85)
    at org.apache.jmeter.util.keystore.JmeterKeyStore.getInstance(JmeterKeyStore.java:255)
    at org.apache.jmeter.util.SSLManager.getKeyStore(SSLManager.java:122)
    ... 27 more
Caused by: java.security.NoSuchAlgorithmException: pkcs12     KeyStore not available
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
    at java.security.Security.getImpl(Security.java:695)
    at java.security.KeyStore.getInstance(KeyStore.java:848)
    ... 30 more

Looking forward to your answers. Thank you!

Solution

  • It looks like you have a number of whitespaces after pkcs12 so it is rather pkcs12

    If you remove trailing whitespaces it should work normally.

    I also believe that it's not mandatory to specify this javax.net.ssl.keyStoreType property as JMeter will guess it from the file name and the functionality is there for years

    More information: How to Set Your JMeter Load Test to Use Client Side Certificates

    With regards to server-side certificates you don't have to do anything at all

    The JMeter HTTP samplers are configured to accept all certificates, whether trusted or not, regardless of validity periods, etc. This is to allow the maximum flexibility in testing servers.