You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@jmeter.apache.org by Smruti Koyande <sm...@cateina.com> on 2022/07/15 05:40:28 UTC

Certificate error while running test

Hi,

I am getting the below error while running JSR223 Sampler. It just sends
one simple GET API request.

[image: image.png]

[image: image.png]


Regards,
Smruti Koyande

Re: Certificate error while running test

Posted by Deepak Goel <de...@gmail.com>.

The error is not clearly visible in the image shared by you.


Deepak
"The greatness of a nation can be judged by the way its animals are treated
- Mahatma Gandhi"

+91 73500 12833
deicool@gmail.com

Facebook: https://www.facebook.com/deicool
LinkedIn: www.linkedin.com/in/deicool

"Plant a Tree, Go Green"

Make In India : http://www.makeinindia.com/home


On Fri, Jul 15, 2022 at 12:43 PM Dmitri T <gl...@live.com> wrote:

> The error means that there is a problem with SSL certificate of the system
> you're testing.
>
> The reasons could be numerous:
>
>    1. Certificate has expired
>    2. Host mismatch
>    3. Self-signed
>    4. Untrusted
>    5. Revoked
>    6. Incomplete chain
>    7. etc.
>
> You can work it around either by importing the certificate of the endpoint
> you're testing into the truststore
> <https://www.baeldung.com/java-keystore-truststore-difference>and point
> JMeter to use this truststore via *javax.net.ssl.trustStore* system
> property. Truststore password can be set by
> *javax.net.ssl.trustStorePassword* system property. See Apache JMeter
> Properties Customization Guide
> <https://www.blazemeter.com/blog/jmeter-properties-customization> for
> more details.
>
> Another option is add the following snippet before you open the connection
> in your Groovy code:
>
>
> import javax.net.ssl.SSLContext;import javax.net.ssl.X509TrustManager;import javax.net.ssl.HttpsURLConnection;
> class TrustManager implements X509TrustManager {
>   public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null;  }
>   public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { }
>   public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { }
> }
>
> TrustManager[] trustAllCerts = new TrustManager[1]
> trustAllCerts[0] = new TrustManager()SSLContext sc = SSLContext.getInstance("SSL");
> sc.init(null, trustAllCerts, new java.security.SecureRandom());
> HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
>
> and the error should go away.
>
> And the best (in my opinion) way is to use JMeter's HTTP Request <https://jmeter.apache.org/usermanual/component_reference.html#HTTP_Request> sampler, as per documentation <https://jmeter.apache.org/usermanual/get-started.html#opt_ssl>:
> *The JMeter HTTP samplers are configured to accept all certificates,
> whether trusted or not, regardless of validity periods, etc.*
> This is to allow the maximum flexibility in testing servers.
>
> Moreover you will get way more metrics like connect time, latency, hits per second, etc. out of the box so the process of results analysis will be easier.
>
>
>
> On 7/15/2022 7:40 AM, Smruti Koyande wrote:
>
> Hi,
>
> I am getting the below error while running JSR223 Sampler. It just sends
> one simple GET API request.
>
> [image: image.png]
>
> [image: image.png]
>
>
> Regards,
> Smruti Koyande
>
>

Re: Certificate error while running test

Posted by Dmitri T <gl...@live.com>.

The error means that there is a problem with SSL certificate of the 
system you're testing.

The reasons could be numerous:

 1. Certificate has expired
 2. Host mismatch
 3. Self-signed
 4. Untrusted
 5. Revoked
 6. Incomplete chain
 7. etc.

You can work it around either by importing the certificate of the 
endpoint you're testing into the truststore 
<https://www.baeldung.com/java-keystore-truststore-difference>and point 
JMeter to use this truststore via *javax.net.ssl.trustStore* system 
property. Truststore password can be set by 
*javax.net.ssl.trustStorePassword* system property. See Apache JMeter 
Properties Customization Guide 
<https://www.blazemeter.com/blog/jmeter-properties-customization> for 
more details.

Another option is add the following snippet before you open the 
connection in your Groovy code:

|import javax.net.ssl.SSLContext; import javax.net.ssl.X509TrustManager; 
import javax.net.ssl.HttpsURLConnection; class TrustManager implements 
X509TrustManager { public java.security.cert.X509Certificate[] 
getAcceptedIssuers() { return null; } public void 
checkClientTrusted(java.security.cert.X509Certificate[] certs, String 
authType) { } public void 
checkServerTrusted(java.security.cert.X509Certificate[] certs, String 
authType) { } } TrustManager[] trustAllCerts = new TrustManager[1] 
trustAllCerts[0] = new TrustManager() SSLContext sc = 
SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new 
java.security.SecureRandom()); 
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); 
and the error should go away. And the best (in my opinion) way is to use 
JMeter's HTTP Request 
<https://jmeter.apache.org/usermanual/component_reference.html#HTTP_Request> 
sampler, as per documentation 
<https://jmeter.apache.org/usermanual/get-started.html#opt_ssl>: |
|*The JMeter HTTP samplers are configured to accept all certificates, 
whether trusted or not, regardless of validity periods, etc.* This is to 
allow the maximum flexibility in testing servers. Moreover you will get 
way more metrics like connect time, latency, hits per second, etc. out 
of the box so the process of results analysis will be easier. |

On 7/15/2022 7:40 AM, Smruti Koyande wrote:
> Hi,
>
> I am getting the below error while running JSR223 Sampler. It 
> just sends one simple GET API request.
>
> image.png
>
> image.png
>
>
> Regards,
> Smruti Koyande
>

RE: Certificate error while running test

Posted by Jo...@wellsfargo.com.INVALID.

The trust store used by JMeter probably does not contain the certificate authority that signed the server’s certificate.

If you’re unsure which CA it is, just hit the endpoint in your browser.

By default, JMeter users the JDK’s trust store.  If you’re hitting an internal server with a cert signed by your company’s own CA, you’ll need to add it to your trust store or create a new trust store and tell JMeter to use it.

From: Smruti Koyande <sm...@cateina.com>>
Date: Friday, Jul 15, 2022, 12:41 AM
To: JMeter Users List <us...@jmeter.apache.org>>
Subject: Certificate error while running test

Hi,

I am getting the below error while running JSR223 Sampler. It just sends one simple GET API request.

[image.png]

[image.png]

Regards,
Smruti Koyande