jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Berin Loritsch <blorit...@apache.org>
Subject Re: SSL Question
Date Mon, 10 Dec 2001 19:33:05 GMT
Gurinder Marok wrote:

> 
> Hi All,
> JMeter: 1.7beta on win2000
> I have a couple of questions about https support. I've installed JSSE.
> JMeter confirms it on startup with the following message:
> <<
> C:\jakarta-jmeter\bin>CALL ..\lcp ..\lib\ant-1.3-optional.jar
> SSL Provider is: SunJSSE version 1.02
> 
>>>
> Upon issuing a https request jmeter opens a popup asking for keystore 
> password.
> <<
> Sampling url: https://symphony.torolab.ibm.com:443/
> KeyStore Type: JKS
> 
>>>
> I don't know if I got the password correct. (I leave it blank and press 
> enter)


The password is for your local keystore--so JMeter can use your personal
certificate to authenticate in case it is required.


> At this moment you are probably asking me why I just don't create a new 
> local cacert.
> 1) One reason is that our product ships with this cert as a default and 
> when developers use the
> product the browsers just bring up a warning stating hostname issue. 
>  From the browser we get around by acknowledging the issue.
> So there is not issue from a development perspective.


For JMeter or JSSE to resolve against a host, it must have a valid reference
to the CACERT that the host validates against.  A browser is smart enough
to pop up a dialog and ask if you trust the CACERT if it is not already
installed.  Unfortunately, JSSE simply throws an exception, and does not
provide an easy conversational method of accepting the cert.


> 2) I'm a little cloudy on certificate signing subject matter.
> So to my questions:
> Does Jmeter support a mode to get around the hostname issue in the cert? 


This is a JSSE issue.  You must have the CACERT of the machine you are
authenticating against.  JMeter tries to use the most relaxed policies
it can--but there are limitations to what it can do.


> If not, is the implementation fairly localized such that
> I can update the code in the area of the exception to get around it.
> Or do I have to create a new cert file for my machine?
> I've configured the web generator control to send the request out on 
> port 443.
> Sampling url: https://symphony.torolab.ibm.com:443/
> Is server trusted ???
> java.io.IOException: HTTPS hostname wrong: should be
> , but cert says
> at java.io.IOException.(IOException.java:49)
> at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V
> 1.2-120198])
> at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V
> 1.2-120198])
> at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V
> 1.2-120198])
> at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connec
> t([DashoPro-V1.2-120198])
> at org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSample
> r.java:437)
> at org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSample
> r.java:164)
> at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java(Compiled
> Code))
> at java.lang.Thread.run(Thread.java:481)
> Thanks for giving me your time.
> Regards,
> Gurinder Marok
> Email: gmarok@ca.ibm.com


I wish I could help you more, but JSSE is your enemy here.  Server
certificates must match the name of the machine you are authenticating
against.  IOW, if your server is www.widget.com, then the server certificate
name must be www.widget.com.  There is no way around this that I know of.


> 
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
> 
> 
> -- 
> To unsubscribe, e-mail:   
> <mailto:jmeter-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: 
> <mailto:jmeter-user-help@jakarta.apache.org>
> 
> .
> 



-- 

"They that give up essential liberty to obtain a little temporary safety
  deserve neither liberty nor safety."
                 - Benjamin Franklin


--
To unsubscribe, e-mail:   <mailto:jmeter-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jmeter-user-help@jakarta.apache.org>


Mime
View raw message