需要在 JMeter 中同时使用客户端和服务器端证书来命中 SSL 连接的 POST 请求
Posted
技术标签:
【中文标题】需要在 JMeter 中同时使用客户端和服务器端证书来命中 SSL 连接的 POST 请求【英文标题】:Need to use both client and server side certificates in JMeter to hit a POST request for SSL Connection 【发布时间】:2021-04-19 10:52:29 【问题描述】:我有一个场景,我需要在 JMEter 中使用服务器端证书 (certificate.ca.crt) 和客户端证书 (client.pem 和 private.key) 进行 SSL 连接。
我已经用 POSTMAN 配置了这些证书,它工作正常,但在 JMeter 中我是新手,我不知道该怎么做?
经过一些研究,到目前为止我在 JMeter 中做了一件事。我已执行以下命令来制作 .p12 格式文件
openssl pkcs12 -export -out certificates.p12 -inkey private.key -in certificate.ca.crt -in client.pem
然后我将certificates.p12放在JMeter的bin目录下,并在JMeter的bin目录下的system.properties中添加以下属性
javax.net.ssl.keyStoreType=pkcs12
javax.net.ssl.keyStore=certificates.p12
javax.net.ssl.keyStorePassword=password
https.keyStoreStartIndex=0
https.keyStoreEndIndex=1
当我从 JMeter 执行我的 API 后,我收到以下错误,
ava.lang.IllegalArgumentException: Could not create keystore: pkcs12 not found
at org.apache.jmeter.util.SSLManager.getKeyStore(SSLManager.java:126)
at org.apache.jmeter.util.JsseSSLManager.createContext(JsseSSLManager.java:214)
at org.apache.jmeter.util.JsseSSLManager.getContext(JsseSSLManager.java:176)
at org.apache.jmeter.util.HttpSSLProtocolSocketFactory.getSSLSocketFactory(HttpSSLProtocolSocketFactory.java:113)
at org.apache.jmeter.util.HttpSSLProtocolSocketFactory.createSocket(HttpSSLProtocolSocketFactory.java:180)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:393)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.jmeter.protocol.http.sampler.hc.LazyLayeredConnectionSocketFactory.connectSocket(LazyLayeredConnectionSocketFactory.java:92)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl$JMeterDefaultHttpClientConnectionOperator.connect(HTTPHC4Impl.java:326)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:850)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:561)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:67)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1282)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1271)
at org.apache.jmeter.threads.JMeterThread.doSampling(JMeterThread.java:627)
at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:551)
at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:490)
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:257)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.KeyStoreException: pkcs12 not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at org.apache.jmeter.util.keystore.JmeterKeyStore.<init>(JmeterKeyStore.java:85)
at org.apache.jmeter.util.keystore.JmeterKeyStore.getInstance(JmeterKeyStore.java:255)
at org.apache.jmeter.util.SSLManager.getKeyStore(SSLManager.java:122)
... 27 more
Caused by: java.security.NoSuchAlgorithmException: pkcs12 KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 30 more
期待您的回答。谢谢!
【问题讨论】:
【参考方案1】:看起来pkcs12
后面有很多空格,所以它是pkcs12
如果您删除尾随空格,它应该可以正常工作。
我也认为不必将此javax.net.ssl.keyStoreType
属性指定为JMeter will guess it from the file name 和功能is there for years
更多信息:How to Set Your JMeter Load Test to Use Client Side Certificates
关于服务器端证书,您 don't have to do anything at all
JMeter HTTP 采样器被配置为接受所有证书,无论是否受信任,无论有效期等。这是为了在测试服务器时提供最大的灵活性。
【讨论】:
非常感谢。你的解决方案对我有用。pkcs12
之后的空格是我的 system.properties 文件中的问题。所以它是pkcs12
以上是关于需要在 JMeter 中同时使用客户端和服务器端证书来命中 SSL 连接的 POST 请求的主要内容,如果未能解决你的问题,请参考以下文章