需要在 JMeter 中同时使用客户端和服务器端证书来命中 SSL 连接的 POST 请求
Need to use both client and server side certificates in JMeter to hit a POST request for SSL Connection
我有一个场景,我需要在 JMEter 中使用服务器端证书(certificate.ca.crt)和客户端证书(client.pem 和 private.key) 用于 SSL 连接。
我已经使用 POSTMAN 配置了这些证书并且工作正常,但是在 JMeter 中我是新手,我不知道该怎么做?
经过一些研究,到目前为止,我已经在 JMeter 中做了一件事。我执行了以下命令来制作 .p12 格式文件
openssl pkcs12 -export -out certificates.p12 -inkey private.key -in certificate.ca.crt -in client.pem
然后我将 certificates.p12 放在 JMeter 的 bin 目录下,并在 JMeter 的 bin 目录 system.properties 中添加以下属性
javax.net.ssl.keyStoreType=pkcs12
javax.net.ssl.keyStore=certificates.p12
javax.net.ssl.keyStorePassword=password
https.keyStoreStartIndex=0
https.keyStoreEndIndex=1
当我从 JMeter 执行我的 API 时,我收到以下错误,
ava.lang.IllegalArgumentException: Could not create keystore: pkcs12 not found
at org.apache.jmeter.util.SSLManager.getKeyStore(SSLManager.java:126)
at org.apache.jmeter.util.JsseSSLManager.createContext(JsseSSLManager.java:214)
at org.apache.jmeter.util.JsseSSLManager.getContext(JsseSSLManager.java:176)
at org.apache.jmeter.util.HttpSSLProtocolSocketFactory.getSSLSocketFactory(HttpSSLProtocolSocketFactory.java:113)
at org.apache.jmeter.util.HttpSSLProtocolSocketFactory.createSocket(HttpSSLProtocolSocketFactory.java:180)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:393)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.jmeter.protocol.http.sampler.hc.LazyLayeredConnectionSocketFactory.connectSocket(LazyLayeredConnectionSocketFactory.java:92)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl$JMeterDefaultHttpClientConnectionOperator.connect(HTTPHC4Impl.java:326)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:850)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:561)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:67)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1282)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1271)
at org.apache.jmeter.threads.JMeterThread.doSampling(JMeterThread.java:627)
at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:551)
at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:490)
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:257)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.KeyStoreException: pkcs12 not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at org.apache.jmeter.util.keystore.JmeterKeyStore.<init>(JmeterKeyStore.java:85)
at org.apache.jmeter.util.keystore.JmeterKeyStore.getInstance(JmeterKeyStore.java:255)
at org.apache.jmeter.util.SSLManager.getKeyStore(SSLManager.java:122)
... 27 more
Caused by: java.security.NoSuchAlgorithmException: pkcs12 KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 30 more
期待您的回答。谢谢!
看起来你在 pkcs12 之后有很多空格所以它更像是 pkcs12
如果您删除尾随空格,它应该可以正常工作。
我也认为将此 javax.net.ssl.keyStoreType 属性 指定为 JMeter will guess it from the file name and the functionality is there for years
并不是强制性的
更多信息:How to Set Your JMeter Load Test to Use Client Side Certificates
关于服务器端证书,您 don't have to do anything at all
The JMeter HTTP samplers are configured to accept all certificates, whether trusted or not, regardless of validity periods, etc. This is to allow the maximum flexibility in testing servers.
我有一个场景,我需要在 JMEter 中使用服务器端证书(certificate.ca.crt)和客户端证书(client.pem 和 private.key) 用于 SSL 连接。
我已经使用 POSTMAN 配置了这些证书并且工作正常,但是在 JMeter 中我是新手,我不知道该怎么做?
经过一些研究,到目前为止,我已经在 JMeter 中做了一件事。我执行了以下命令来制作 .p12 格式文件
openssl pkcs12 -export -out certificates.p12 -inkey private.key -in certificate.ca.crt -in client.pem
然后我将 certificates.p12 放在 JMeter 的 bin 目录下,并在 JMeter 的 bin 目录 system.properties 中添加以下属性
javax.net.ssl.keyStoreType=pkcs12
javax.net.ssl.keyStore=certificates.p12
javax.net.ssl.keyStorePassword=password
https.keyStoreStartIndex=0
https.keyStoreEndIndex=1
当我从 JMeter 执行我的 API 时,我收到以下错误,
ava.lang.IllegalArgumentException: Could not create keystore: pkcs12 not found
at org.apache.jmeter.util.SSLManager.getKeyStore(SSLManager.java:126)
at org.apache.jmeter.util.JsseSSLManager.createContext(JsseSSLManager.java:214)
at org.apache.jmeter.util.JsseSSLManager.getContext(JsseSSLManager.java:176)
at org.apache.jmeter.util.HttpSSLProtocolSocketFactory.getSSLSocketFactory(HttpSSLProtocolSocketFactory.java:113)
at org.apache.jmeter.util.HttpSSLProtocolSocketFactory.createSocket(HttpSSLProtocolSocketFactory.java:180)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:393)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.jmeter.protocol.http.sampler.hc.LazyLayeredConnectionSocketFactory.connectSocket(LazyLayeredConnectionSocketFactory.java:92)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl$JMeterDefaultHttpClientConnectionOperator.connect(HTTPHC4Impl.java:326)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:850)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:561)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:67)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1282)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1271)
at org.apache.jmeter.threads.JMeterThread.doSampling(JMeterThread.java:627)
at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:551)
at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:490)
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:257)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.KeyStoreException: pkcs12 not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at org.apache.jmeter.util.keystore.JmeterKeyStore.<init>(JmeterKeyStore.java:85)
at org.apache.jmeter.util.keystore.JmeterKeyStore.getInstance(JmeterKeyStore.java:255)
at org.apache.jmeter.util.SSLManager.getKeyStore(SSLManager.java:122)
... 27 more
Caused by: java.security.NoSuchAlgorithmException: pkcs12 KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 30 more
期待您的回答。谢谢!
看起来你在 pkcs12 之后有很多空格所以它更像是 pkcs12
如果您删除尾随空格,它应该可以正常工作。
我也认为将此 javax.net.ssl.keyStoreType 属性 指定为 JMeter will guess it from the file name and the functionality is there for years
更多信息:How to Set Your JMeter Load Test to Use Client Side Certificates
关于服务器端证书,您 don't have to do anything at all
The JMeter HTTP samplers are configured to accept all certificates, whether trusted or not, regardless of validity periods, etc. This is to allow the maximum flexibility in testing servers.