jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leonardo - Itera" <leona...@itera.com.br>
Subject RES: Is Server Trusted?
Date Thu, 26 Sep 2002 19:51:05 GMT
jsse is builtin in jdk1.4.*

Leonardo

> -----Mensagem original-----
> De: Lemuel Typhair [mailto:ltyphair@Works.com]
> Enviada em: quinta-feira, 26 de setembro de 2002 16:36
> Para: 'JMeter Users List'
> Assunto: RE: Is Server Trusted?
>
>
> you need to add the jsse jars to the jmeter lib dir.
>
> jcert.jar
> jnet.jar
> jsse.jar
>
> thanks.
>
> > -----Original Message-----
> > From: Antonio Vaughn [mailto:avaughn@csee.usf.edu]
> > Sent: Thursday, September 26, 2002 2:36 PM
> > To: jmeter-user@jakarta.apache.org
> > Subject: Is Server Trusted?
> >
> >
> > Has anyone been able to make HTTPS work in jmeter?
> > If so, please tell me how you accomplished this.
> > I always receive the "Is Server Trusted?" message after
> > it prompts me for my keystore password.
> >
> > I have used openssl0.9.6b for Windows to become my own certificate
> > authority. I am using jdk1.4.1, unstable Jmeter version 1.7.3 running
> > on a Mandrake 8.1 Linux Box, and tomcat 4.0.3.
> >
> > My certificate authority is installed on the same Windows XP
> > machine as
> > the tomcat server. Jmeter is installed on my lLnux box as
> > well as jdk1.4.1
> > for Mandrake linx.
> >
> > I have used the following procedure to become my
> > own certificate authority.
> >
> > ***********************************************
> > .1 Generate the CA(Certificate Authority) key
> > openssl genrsa -rand -des -out ca.key 1024
> >
> > .2 Create a self signed certificate
> > openssl req -new -x509 -day 365 -key ca.key -out ca.crt
> >
> > .3 Prompted for location information for the ca.crt certificate.
> > I enter information for every field. For the name of the certificate I
> > use certificate authority.
> >
> > .4 Setup the OpenSSL CA tools
> > mkdir demoCA
> > mkdir demoCA/newcerts
> > create a empty demoCA/index.txt file
> > copy ca.crt to demoCA directory
> > echo 01 > demoCA/serial directory
> >
> > Note:
> > Now, create the client application's key store and export its
> > public key
> > so my own CA can sign it. I enter information for all of the fields,
> > using the same organization and organization unit information
> > as for the
> > certificate authority. I also use a different name then the
> > certificate
> > authority. For the name of the certificate, I use Tomcat Tomcat.
> >
> > .5 Create a new key store for the client application. I use keytool on
> > my linux box to create the keystore
> > keytool -keystore clienttestkeys -genkey -alias client
> >
> > .6 Export the client's public key on my linux box
> > keytool -keystore clienttestkeys -certreq -alias client -file
> > client.crs
> >
> > Note: Now, I save it to a floppy, and then I take it to my Windows XP
> > machine where the certificate authority is installed.
> >
> > .7 Sign the client's key with my CA key on my Windows XP machine
> > openssl ca -config /usr/local/ssl/openssl.cnf -in client.crs -out
> > client.crs.pem -keyfile ca.key
> >
> > Note: Now, I have a file called client.crs.pem, which is the
> > signed public
> > key. It needs to be converted to a format suitable for the
> > JDK's keytool
> > command, and then save it to floppy and import into clienttestkeys
> > keystore on the linux box.
> >
> > .8 Convert to DER format
> > openssl x509 -in client.crs.pem -out client.crs.der -outform DER
> >
> > .9 Import CA certificate (ca.crt) into client's keystore
> > keytool -keystore clienttestkeys -alias client_ca -import ca.crt
> >
> > .10 Import client's signed key into clients' key store
> > keytool -keystore clienttestkeys -alias client -import -file
> > client.crs.der
> >
> > Then, I execute steps 4-9 on the Windows XP for the tomcat server.
> > Since the certificate authority is on the Windows XP machine,
> > I perform
> > all of these steps on the same machine. This time, I substitute the
> > word tomcat everywhere you see client.
> > *************************************************
> >
> > After I do this, I run Jmeter and it still gives me "Is
> > Server Trusted?"
> > and the GIU tells me NON HTTP Response Code.
> >
> > Next, since Jmeter looks for the default ".keystore" file on
> > my linux box
> > under the user directory which happens to be /root/.keystore, I create
> > this file by copying my clienttestkeys to the /root directory and
> > renaming it to ".keystore".
> >
> > Next, since Jmeter uses the default truststore cacerts file, I have
> > to import Certificate Authority (ca.crt) file that I created on the
> > Windows XP machine to the cacerts keystore on my linux box. So, I
> > copy ca.crt to floppy and bring it to my linux box. I do the following
> > to import to cacert keystore. I do this in the same directory as
> > my cacerts file.
> > keytool -import -file ca.crt -trustcacerts -keystore cacerts
> > -storepass changeit
> >
> > Note: I have used "changeit" for the password for all of these steps.
> >
> > Now, I try my test, and Jmeter still asks me "Is Server Trusted?".
> >
> > Next, I  import my tomcat certifate into the cacerts file by doing the
> > following
> > keytool -import -file tomcat.crs.der -trustcacerts -keystore cacerts
> > -storepass changeit
> >
> > Now, I try my test, and Jmeter still asks me "Is Server Trusted?"
> >
> >
> > I am really not sure how I am supposed to use HTTPS, but if anyone
> > has suggestions or instructions, please let me know.
> >
> >
> > Regards,
> > Tony
> >
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:jmeter-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:jmeter-user-help@jakarta.apache.org>
>
>
>
> --
> To unsubscribe, e-mail:
<mailto:jmeter-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:jmeter-user-help@jakarta.apache.org>



--
To unsubscribe, e-mail:   <mailto:jmeter-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jmeter-user-help@jakarta.apache.org>


Mime
View raw message