You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jmeter.apache.org by Philippe Mouawad <ph...@gmail.com> on 2013/07/24 07:54:10 UTC
update Jmeter proxy certificate
Hello,
IOS 6 does not trust any Root CA that is based on MD5 hashing. It works
with SHA1.
We should upgrade JMeter certificate so that it is usable for mobile
recording if it is possible
Regards
Philippe
--
Cordialement.
Philippe Mouawad.
Re: update Jmeter proxy certificate
Posted by sebb <se...@gmail.com>.
I managed to use the new certificate with Firefox on Windows, so I
have now updated the copy in SVN.
Hopefully Mac browsers can also use the new certificate.
Note that the user can of course use their own certificate by
adjusting the properties that JMeter uses to read it.
On 26 July 2013 21:26, Philippe Mouawad <ph...@gmail.com> wrote:
> Thanks sebb
>
> On Fri, Jul 26, 2013 at 5:55 PM, sebb <se...@gmail.com> wrote:
>
>> As I expect you know, the script that was used to generate the
>> certificate is in extras/proxycert.[sh|cmd]
>>
>> The current certificate expires next year:
>>
>> Keystore type: JKS
>> Keystore provider: SUN
>>
>> Your keystore contains 1 entry
>>
>> $ keytool -list -v -keystore proxyserver.jks -storepass password
>> Alias name: jmeter
>> Creation date: 05-Aug-2009
>> Entry type: PrivateKeyEntry
>> Certificate chain length: 1
>> Certificate[1]:
>> Owner: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
>> Issuer: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
>> Serial number: 4a7a0ad5
>> Valid from: Wed Aug 05 23:42:29 BST 2009 until: Mon Aug 04 23:42:29 BST
>> 2014
>> Certificate fingerprints:
>> MD5: E0:CA:71:36:DC:4A:18:32:D9:B3:2B:6F:58:65:37:77
>> SHA1: 90:C3:E8:B0:F1:8D:79:30:39:B5:9A:AA:E0:6F:48:3B:92:30:C8:DF
>> SHA256:
>>
>> C4:34:1E:3D:E2:87:23:2B:8E:2B:BD:17:91:2F:4C:D2:9A:50:5D:44:8E:43:9B:3A:9E:09:6C:D6:5A:46:9C:B1
>> Signature algorithm name: MD5withRSA
>> Version: 1
>>
>> I just tried using the keytool from Java 7, and the certificate it
>> createad looks like this:
>>
>> >>>>>>
>> Keystore type: JKS
>> Keystore provider: SUN
>>
>> Your keystore contains 1 entry
>>
>> Alias name: jmeter
>> Creation date: 26-Jul-2013
>> Entry type: PrivateKeyEntry
>> Certificate chain length: 1
>> Certificate[1]:
>> Owner: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
>> Issuer: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
>> Serial number: 1b7a11fb
>> Valid from: Fri Jul 26 16:29:35 BST 2013 until: Wed Jul 25 16:29:35 BST
>> 2018
>> Certificate fingerprints:
>> MD5: 26:82:F5:FF:B4:CD:B9:12:4E:6F:FA:D9:62:59:DE:D2
>> SHA1: AD:FA:59:47:A0:86:92:36:D0:42:51:F2:AA:C8:7E:99:20:28:84:3A
>> SHA256:
>>
>> 66:92:FD:1C:EE:BC:F9:C4:E4:F9:F8:9A:3A:1F:55:6F:62:AD:1B:E6:45:AA:B7:AD:D6:93:ED:C8:84:E5:10:07
>> Signature algorithm name: SHA256withRSA
>> Version: 3
>>
>> Extensions:
>>
>> #1: ObjectId: 2.5.29.14 Criticality=false
>> SubjectKeyIdentifier [
>> KeyIdentifier [
>> 0000: 40 E9 82 67 5C 22 45 1B EB E3 85 C3 0F BC E6 5C @..g\"E........\
>> 0010: 40 8C 84 50 @..P
>> ]
>> ]
>> <<<<<<<<<
>>
>> That looks like it may work on iOS6
>>
>> I'll send you a copy by private mail.
>>
>> On 25 July 2013 23:02, Philippe Mouawad <ph...@gmail.com>
>> wrote:
>> > It seems it is not possible with keytool (at least version 6).
>> >
>> > I will continue investigations, if you already know about it ,tell me.
>> >
>> > Thanks
>> >
>> > On Thu, Jul 25, 2013 at 3:15 PM, sebb <se...@gmail.com> wrote:
>> >
>> >> On 24 July 2013 06:54, Philippe Mouawad <ph...@gmail.com>
>> >> wrote:
>> >> > Hello,
>> >> > IOS 6 does not trust any Root CA that is based on MD5 hashing. It
>> works
>> >> > with SHA1.
>> >> >
>> >> > We should upgrade JMeter certificate so that it is usable for mobile
>> >> > recording if it is possible
>> >>
>> >> OK by me.
>> >>
>> >> > Regards
>> >> > Philippe
>> >> >
>> >> >
>> >> > --
>> >> > Cordialement.
>> >> > Philippe Mouawad.
>> >>
>> >
>> >
>> >
>> > --
>> > Cordialement.
>> > Philippe Mouawad.
>>
>
>
>
> --
> Cordialement.
> Philippe Mouawad.
Re: update Jmeter proxy certificate
Posted by Philippe Mouawad <ph...@gmail.com>.
Thanks sebb
On Fri, Jul 26, 2013 at 5:55 PM, sebb <se...@gmail.com> wrote:
> As I expect you know, the script that was used to generate the
> certificate is in extras/proxycert.[sh|cmd]
>
> The current certificate expires next year:
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> $ keytool -list -v -keystore proxyserver.jks -storepass password
> Alias name: jmeter
> Creation date: 05-Aug-2009
> Entry type: PrivateKeyEntry
> Certificate chain length: 1
> Certificate[1]:
> Owner: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
> Issuer: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
> Serial number: 4a7a0ad5
> Valid from: Wed Aug 05 23:42:29 BST 2009 until: Mon Aug 04 23:42:29 BST
> 2014
> Certificate fingerprints:
> MD5: E0:CA:71:36:DC:4A:18:32:D9:B3:2B:6F:58:65:37:77
> SHA1: 90:C3:E8:B0:F1:8D:79:30:39:B5:9A:AA:E0:6F:48:3B:92:30:C8:DF
> SHA256:
>
> C4:34:1E:3D:E2:87:23:2B:8E:2B:BD:17:91:2F:4C:D2:9A:50:5D:44:8E:43:9B:3A:9E:09:6C:D6:5A:46:9C:B1
> Signature algorithm name: MD5withRSA
> Version: 1
>
> I just tried using the keytool from Java 7, and the certificate it
> createad looks like this:
>
> >>>>>>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> Alias name: jmeter
> Creation date: 26-Jul-2013
> Entry type: PrivateKeyEntry
> Certificate chain length: 1
> Certificate[1]:
> Owner: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
> Issuer: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
> Serial number: 1b7a11fb
> Valid from: Fri Jul 26 16:29:35 BST 2013 until: Wed Jul 25 16:29:35 BST
> 2018
> Certificate fingerprints:
> MD5: 26:82:F5:FF:B4:CD:B9:12:4E:6F:FA:D9:62:59:DE:D2
> SHA1: AD:FA:59:47:A0:86:92:36:D0:42:51:F2:AA:C8:7E:99:20:28:84:3A
> SHA256:
>
> 66:92:FD:1C:EE:BC:F9:C4:E4:F9:F8:9A:3A:1F:55:6F:62:AD:1B:E6:45:AA:B7:AD:D6:93:ED:C8:84:E5:10:07
> Signature algorithm name: SHA256withRSA
> Version: 3
>
> Extensions:
>
> #1: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 40 E9 82 67 5C 22 45 1B EB E3 85 C3 0F BC E6 5C @..g\"E........\
> 0010: 40 8C 84 50 @..P
> ]
> ]
> <<<<<<<<<
>
> That looks like it may work on iOS6
>
> I'll send you a copy by private mail.
>
> On 25 July 2013 23:02, Philippe Mouawad <ph...@gmail.com>
> wrote:
> > It seems it is not possible with keytool (at least version 6).
> >
> > I will continue investigations, if you already know about it ,tell me.
> >
> > Thanks
> >
> > On Thu, Jul 25, 2013 at 3:15 PM, sebb <se...@gmail.com> wrote:
> >
> >> On 24 July 2013 06:54, Philippe Mouawad <ph...@gmail.com>
> >> wrote:
> >> > Hello,
> >> > IOS 6 does not trust any Root CA that is based on MD5 hashing. It
> works
> >> > with SHA1.
> >> >
> >> > We should upgrade JMeter certificate so that it is usable for mobile
> >> > recording if it is possible
> >>
> >> OK by me.
> >>
> >> > Regards
> >> > Philippe
> >> >
> >> >
> >> > --
> >> > Cordialement.
> >> > Philippe Mouawad.
> >>
> >
> >
> >
> > --
> > Cordialement.
> > Philippe Mouawad.
>
--
Cordialement.
Philippe Mouawad.
Re: update Jmeter proxy certificate
Posted by sebb <se...@gmail.com>.
As I expect you know, the script that was used to generate the
certificate is in extras/proxycert.[sh|cmd]
The current certificate expires next year:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
$ keytool -list -v -keystore proxyserver.jks -storepass password
Alias name: jmeter
Creation date: 05-Aug-2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
Issuer: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
Serial number: 4a7a0ad5
Valid from: Wed Aug 05 23:42:29 BST 2009 until: Mon Aug 04 23:42:29 BST 2014
Certificate fingerprints:
MD5: E0:CA:71:36:DC:4A:18:32:D9:B3:2B:6F:58:65:37:77
SHA1: 90:C3:E8:B0:F1:8D:79:30:39:B5:9A:AA:E0:6F:48:3B:92:30:C8:DF
SHA256:
C4:34:1E:3D:E2:87:23:2B:8E:2B:BD:17:91:2F:4C:D2:9A:50:5D:44:8E:43:9B:3A:9E:09:6C:D6:5A:46:9C:B1
Signature algorithm name: MD5withRSA
Version: 1
I just tried using the keytool from Java 7, and the certificate it
createad looks like this:
>>>>>>
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: jmeter
Creation date: 26-Jul-2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
Issuer: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
Serial number: 1b7a11fb
Valid from: Fri Jul 26 16:29:35 BST 2013 until: Wed Jul 25 16:29:35 BST 2018
Certificate fingerprints:
MD5: 26:82:F5:FF:B4:CD:B9:12:4E:6F:FA:D9:62:59:DE:D2
SHA1: AD:FA:59:47:A0:86:92:36:D0:42:51:F2:AA:C8:7E:99:20:28:84:3A
SHA256:
66:92:FD:1C:EE:BC:F9:C4:E4:F9:F8:9A:3A:1F:55:6F:62:AD:1B:E6:45:AA:B7:AD:D6:93:ED:C8:84:E5:10:07
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 40 E9 82 67 5C 22 45 1B EB E3 85 C3 0F BC E6 5C @..g\"E........\
0010: 40 8C 84 50 @..P
]
]
<<<<<<<<<
That looks like it may work on iOS6
I'll send you a copy by private mail.
On 25 July 2013 23:02, Philippe Mouawad <ph...@gmail.com> wrote:
> It seems it is not possible with keytool (at least version 6).
>
> I will continue investigations, if you already know about it ,tell me.
>
> Thanks
>
> On Thu, Jul 25, 2013 at 3:15 PM, sebb <se...@gmail.com> wrote:
>
>> On 24 July 2013 06:54, Philippe Mouawad <ph...@gmail.com>
>> wrote:
>> > Hello,
>> > IOS 6 does not trust any Root CA that is based on MD5 hashing. It works
>> > with SHA1.
>> >
>> > We should upgrade JMeter certificate so that it is usable for mobile
>> > recording if it is possible
>>
>> OK by me.
>>
>> > Regards
>> > Philippe
>> >
>> >
>> > --
>> > Cordialement.
>> > Philippe Mouawad.
>>
>
>
>
> --
> Cordialement.
> Philippe Mouawad.
Re: update Jmeter proxy certificate
Posted by Philippe Mouawad <ph...@gmail.com>.
It seems it is not possible with keytool (at least version 6).
I will continue investigations, if you already know about it ,tell me.
Thanks
On Thu, Jul 25, 2013 at 3:15 PM, sebb <se...@gmail.com> wrote:
> On 24 July 2013 06:54, Philippe Mouawad <ph...@gmail.com>
> wrote:
> > Hello,
> > IOS 6 does not trust any Root CA that is based on MD5 hashing. It works
> > with SHA1.
> >
> > We should upgrade JMeter certificate so that it is usable for mobile
> > recording if it is possible
>
> OK by me.
>
> > Regards
> > Philippe
> >
> >
> > --
> > Cordialement.
> > Philippe Mouawad.
>
--
Cordialement.
Philippe Mouawad.
Re: update Jmeter proxy certificate
Posted by sebb <se...@gmail.com>.
On 24 July 2013 06:54, Philippe Mouawad <ph...@gmail.com> wrote:
> Hello,
> IOS 6 does not trust any Root CA that is based on MD5 hashing. It works
> with SHA1.
>
> We should upgrade JMeter certificate so that it is usable for mobile
> recording if it is possible
OK by me.
> Regards
> Philippe
>
>
> --
> Cordialement.
> Philippe Mouawad.