jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <>
Subject Re: Problem with ssl certificate
Date Sat, 03 Feb 2007 17:17:07 GMT
On 01/02/07, sebb <> wrote:
> On 29/01/07, xue wu <> wrote:
> > Hi all,
> > I want to use Jmeter to test a https website. I installed and exported
> > the certificate of that site as a cer file and imported this cer file
> > to the cacert keystore under jre/lib/security. and then in the
> > file i stated like this:
> >
> >
> >
> >\Program Files\Java\jdk1.6.0\jre\lib\security\cacerts
> >
> Should be no need to do that.
> > When I run Jmeter, I always got the error "Couldn't load keystore
> > java.lang.Exception: No key found"
> Not sure what causes this problem, but the message can be ignored, as
> the sampler still works for me.

I've discovered that this happens when you don't provide a keystore.
JMeter creates an empty keystore. It then searches it for keys, but of
course does not find any! The error message should only be generated
for actual keystores.
[I'm in the process of fixing this and producing better error messages]

> > I also tried to create a new keystore and paste it to
> > jre/lib/security, but it did not make any difference.
> > Does anyone know what else should I do to make the Jmeter work
> > properly with https web site?
> So long as you are using Java 1.4.2 or later JMeter should work "out
> of the box" with any https web-site that uses a certificate signed by
> an authority known to Java.
> If the authority is  not known to Java, you will have to tell Java
> about it (as you have done).

Actually you don't have to do this, as the JMeter SSLManager installs
a very lenient TrustManager that trusts everything.

> The HTTP Sampler can handle self-signed certificates; however the HTTP
> HttpClient Sampler cannot yet do so.

I've just about got this working.

> Furthermore if you mix HTTP and HTTP HttpClient samplers in the same
> test plan, the HttpClient samplers will stop working if there is a
> previous HTTP Sampler that connects to a self-signed site... [I need
> to create a Bugzilla for this].

I think I've found a fix for that.

> S///

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message