Posted to dev@jmeter.apache.org by sebb <se...@gmail.com> on 2013/09/04 03:13:25 UTC

KeyToolUtils changes for Bug 55507

The code added in:

URL: http://svn.apache.org/r1519890
Log:
Proxy SSL recording does not handle external embedded resources well
Part 1: Add methods to create the necessary certificate and keystore

is sufficient to create the keystore and external certificate.

For example:

        KeyToolUtils.generateProxyCA(new File("server.jks"),"password", 1);
        KeyToolUtils.generateDomainCert(new File("server.jks"),"password", "apache.org", 1);

However the keystore is not usable with the current Proxy code as the
keystore contains multiple keys, and the existing code assumes there
is only one.

Fixing that is next on my list (I have test code that works).

I decided to use a single keystore for all the certificates.
The domain keys only work with a specific CA cert, so it makes sense
to keep them together. The keystore is recreated when a new CA cert is
created.
This automatically drops all the invalidated domain keys.

The code currently uses a fixed name for the CA certificate.
But perhaps it would be better to use the same name as the keystore?
That would show that they are related, and would be a bit more flexible.
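
Added example (not part of the original message and not JMeter code): one way a server can present a single, explicitly chosen key from a keystore that holds several entries, instead of relying on there being only one. The class name AliasKeyManager is hypothetical, and the alias under which a domain key is stored is an assumption the caller must supply, since the message does not state it.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

// Added example, not JMeter code: pin a multi-entry keystore to one key entry.
public final class AliasKeyManager extends X509ExtendedKeyManager {
    private final String alias;            // assumption: caller knows the entry's alias
    private final PrivateKey key;
    private final X509Certificate[] chain;

    public AliasKeyManager(KeyStore ks, char[] keyPassword, String alias) throws Exception {
        if (!ks.isKeyEntry(alias)) {       // fail early rather than fall back to another key
            throw new IllegalArgumentException("No private key entry for alias: " + alias);
        }
        this.alias = alias;
        this.key = (PrivateKey) ks.getKey(alias, keyPassword);
        Certificate[] certs = ks.getCertificateChain(alias);
        this.chain = Arrays.copyOf(certs, certs.length, X509Certificate[].class);
    }

    // Server-side context that only ever offers the pinned entry.
    public SSLContext newServerContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { this }, null, null);
        return ctx;
    }
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        // Offer the alias only when its key algorithm matches the type being negotiated.
        return key.getAlgorithm().equals(keyType) ? alias : null;
    }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine e) {
        return chooseServerAlias(keyType, issuers, null);
    }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        String chosen = chooseServerAlias(keyType, issuers, null);
        return chosen == null ? null : new String[] { chosen };
    }
    @Override public X509Certificate[] getCertificateChain(String a) { return alias.equals(a) ? chain.clone() : null; }
    @Override public PrivateKey getPrivateKey(String a) { return alias.equals(a) ? key : null; }
    // Client authentication is out of scope for this example.
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) { return null; }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return null; }
}
```

The key and chain are read straight from the KeyStore, so the behaviour does not depend on which KeyManagerFactory algorithm is the platform default.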