Posted to user@jmeter.apache.org by Andrei Muresanu <an...@gmail.com> on 2010/08/04 13:21:01 UTC

SOAP HTTPS & Client Certificates

Hi all,

Using JMeter 2.4 r961953 - JRE x86 1.6.0_21 on Windows Vista SP2 x64.

I am trying to load test a SOAP Web Service to which I connect via SSL using
client certificate authentication. Web Service resides on an IBM WAS 6.1/AIX
(cluster actually, published via two ibm http server balanced by a load
balancing device).

Using "WebService(SOAP) Request" Sampler.

What I have achieved until now:

1. client certificate was self-signed with a password length of 5 (SSL
Manager would not be able to load the private key from the store), in
PKCS#12 format (.p12 extension)
a. Imported in Windows the certificate (marked as private key exportable
during import)
b. Exported as pfx/p12 including the private key using a password length of
6 - Now SSL Manager finds the private key
c. exported the signing certificate (self-signed, so itself) as X509 DER
(from Windows)
d. using keytool.exe from %JAVA_HOME%/bin I created a new JKS keystore by
importing the X509 Certificate and named it jssecacerts. This keystore I
copied in %JAVA_HOME%/lib/security

Now, when I load the private key (that resides in the p12/pfx keystore
exported at step 1.b.) using SSL Manager, the correct key is selected (I am
not prompted for a password). If I then go to the Webservice Sampler and
press load wsdl, I am prompted to enter the p12 keystore password. Only
after this step can I "start" my tests....locally. If I don't press "load
wsdl" and just "start" the tests (run > start) I get the following error:

Response message: Error opening socket: java.net.SocketException:
java.security.NoSuchAlgorithmException: Error constructing implementation
(algorithm: Default, provider: SunJSSE, class:
com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)

I want to be able to adapt the JMeter config so that I can run the tests
from many more machines concurrently (via jmeter console). I guess that in
order to achieve this I would have to configure it so that I only have to
"run jmeter.bat, load test plan and go run>start". without loading cert
using ssl manager and pressing "load wsdl".

What I tried (system.properties):

javax.net.ssl.trustStore=D:\jssecacerts - copied there for the test
javax.net.ssl.keyStoreType=pkcs12 - this line I added myself after
consulting the source code of ssl manager
javax.net.ssl.keyStore=D:\client_auth.p12 - certificate containing the
private key used for client authentication
javax.net.ssl.keyStorePassword=123456 - literally, this is the password of
the p12 store

This only gives me the same error as above when doing "run jmeter.bat, load
test plan and go run>start"

Why does this happen? And this after I am setting
javax.net.ssl.keyStoreType=pkcs12, manually in system.properties ????
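
A check that can be run against settings like the system.properties lines in the post above (an added example, not part of the original thread and not JMeter code): it parses the text with java.util.Properties, prints the key store path after escape processing, and reports the underlying exception from loading the store, which the "Error constructing implementation" message hides. It assumes the file is read with java.util.Properties.load, where a backslash before an ordinary character is silently dropped; the class name and the sample lines are constructed.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.InputStream;
import java.io.Reader;
import java.io.StringReader;
import java.security.KeyStore;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Added diagnostic sketch; the class name and sample values are assumptions.
public class KeyStorePropsCheck {
    // Constructed samples: one keyStore path spelled three ways in a .properties file.
    static final String[] SAMPLES = {
        "javax.net.ssl.keyStore=D:\\client_auth.p12",     // file text: D:\client_auth.p12
        "javax.net.ssl.keyStore=D:\\\\client_auth.p12",   // file text: D:\\client_auth.p12
        "javax.net.ssl.keyStore=D:/client_auth.p12"       // file text: D:/client_auth.p12
    };

    static void check(Reader source) throws Exception {
        Properties p = new Properties();
        p.load(source);                                   // applies .properties escape rules
        String path = p.getProperty("javax.net.ssl.keyStore");
        String type = p.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        char[] pw = p.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
        System.out.println("keyStore after Properties.load: " + path);
        if (path == null || !new File(path).isFile()) {
            System.out.println("  -> no readable file at that path");
            return;
        }
        try (InputStream in = new FileInputStream(path)) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, pw);                              // wrong type or password fails here
            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, pw);                             // unrecoverable private key fails here
            SSLContext.getInstance("TLS").init(kmf.getKeyManagers(), null, null);
            System.out.println("  -> key store loaded, entries: " + ks.size());
        } catch (Exception e) {
            System.out.println("  -> underlying cause: " + e);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) {                           // path to a real system.properties
            try (Reader r = new FileReader(args[0])) { check(r); }
            return;
        }
        for (String s : SAMPLES) check(new StringReader(s));
    }
}
```

Run with no arguments to see how the three constructed spellings parse, or pass the path of a real properties file to test its key store settings outside JMeter.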

Re: SOAP HTTPS & Client Certificates

Posted by sebb <se...@gmail.com>.
On 4 August 2010 12:21, Andrei Muresanu <an...@gmail.com> wrote:
> Hi all,
>
> Using JMeter 2.4 r961953 - JRE x86 1.6.0_21 on Windows Vista SP2 x64.
>
> I am trying to load test a SOAP Web Service to which I connect via SSL using
> client certificate authentication. Web Service resides on an IBM WAS 6.1/AIX
> (cluster actually, published via two ibm http server balanced by a load
> balancing device).
>
> Using "WebService(SOAP) Request" Sampler.

This uses an old version of Apache SOAP which is no longer maintained.

> What I have achieved until now:
>
> 1. client certificate was self-signed with a password length of 5 (SSL
> Manager would not be able to load the private key from the store), in
> PKCS#12 format (.p12 extension)
> a. Imported in Windows the certificate (marked as private key exportable
> during import)
> b. Exported as pfx/p12 including the private key using a password length of
> 6 - Now SSL Manager finds the private key
> c. exported the signing certificate (self-signed, so itself) as X509 DER
> (from Windows)
> d. using keytool.exe from %JAVA_HOME%/bin I created a new JKS keystore by
> importing the X509 Certificate and named it jssecacerts. This keystore I
> copied in %JAVA_HOME%/lib/security
>
> Now, when I load the private key (that resides in the p12/pfx keystore
> exported at step 1.b.) using SSL Manager, the correct key is selected (I am
> not prompted for a password). If I then go to the Webservice Sampler and
> press load wsdl, I am prompted to enter the p12 keystore password. Only
> after this step can I "start" my tests....locally. If I don't press "load
> wsdl" and just "start" the tests (run > start) I get the following error:
>
> Response message: Error opening socket: java.net.SocketException:
> java.security.NoSuchAlgorithmException: Error constructing implementation
> (algorithm: Default, provider: SunJSSE, class:
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>
> I want to be able to adapt the JMeter config so that I can run the tests
> from many more machines concurrently (via jmeter console). I guess that in
> order to achieve this I would have to configure it so that I only have to
> "run jmeter.bat, load test plan and go run>start". without loading cert
> using ssl manager and pressing "load wsdl".
>
> What I tried (system.properties):
>
> javax.net.ssl.trustStore=D:\jssecacerts - copied there for the test
> javax.net.ssl.keyStoreType=pkcs12 - this line I added myself after
> consulting the source code of ssl manager
> javax.net.ssl.keyStore=D:\client_auth.p12 - certificate containing the
> private key used for client authentication
> javax.net.ssl.keyStorePassword=123456 - literally, this is the password of
> the p12 store
>
> This only gives me the same error as above when doing "run jmeter.bat, load
> test plan and go run>start"
>
> Why does this happen? And this after I am setting
> javax.net.ssl.keyStoreType=pkcs12, manually in system.properties ????

Try using

http://jakarta.apache.org/jmeter/usermanual/component_reference.html#SOAP/XML-RPC_Request

instead.
