Re: update Jmeter proxy certificate

sebb Fri, 26 Jul 2013 08:57:16 -0700

As I expect you know, the script that was used to generate the
certificate is in extras/proxycert.[sh|cmd]


The current certificate expires next year:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

$ keytool -list -v -keystore proxyserver.jks -storepass password
Alias name: jmeter
Creation date: 05-Aug-2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
Issuer: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
Serial number: 4a7a0ad5
Valid from: Wed Aug 05 23:42:29 BST 2009 until: Mon Aug 04 23:42:29 BST 2014
Certificate fingerprints:
         MD5:  E0:CA:71:36:DC:4A:18:32:D9:B3:2B:6F:58:65:37:77
         SHA1: 90:C3:E8:B0:F1:8D:79:30:39:B5:9A:AA:E0:6F:48:3B:92:30:C8:DF
         SHA256:
C4:34:1E:3D:E2:87:23:2B:8E:2B:BD:17:91:2F:4C:D2:9A:50:5D:44:8E:43:9B:3A:9E:09:6C:D6:5A:46:9C:B1
         Signature algorithm name: MD5withRSA
         Version: 1

I just tried using the keytool from Java 7, and the certificate it
createad looks like this:

>>>>>>
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: jmeter
Creation date: 26-Jul-2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
Issuer: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US
Serial number: 1b7a11fb
Valid from: Fri Jul 26 16:29:35 BST 2013 until: Wed Jul 25 16:29:35 BST 2018
Certificate fingerprints:
         MD5:  26:82:F5:FF:B4:CD:B9:12:4E:6F:FA:D9:62:59:DE:D2
         SHA1: AD:FA:59:47:A0:86:92:36:D0:42:51:F2:AA:C8:7E:99:20:28:84:3A
         SHA256:
66:92:FD:1C:EE:BC:F9:C4:E4:F9:F8:9A:3A:1F:55:6F:62:AD:1B:E6:45:AA:B7:AD:D6:93:ED:C8:84:E5:10:07
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 40 E9 82 67 5C 22 45 1B   EB E3 85 C3 0F BC E6 5C  @..g\"E........\
0010: 40 8C 84 50                                        @..P
]
]
<<<<<<<<<

That looks like it may work on iOS6

I'll send you a copy by private mail.

On 25 July 2013 23:02, Philippe Mouawad <philippe.moua...@gmail.com> wrote:
> It seems it is not possible with keytool (at least version 6).
>
> I will continue investigations, if you already know about it ,tell me.
>
> Thanks
>
> On Thu, Jul 25, 2013 at 3:15 PM, sebb <seb...@gmail.com> wrote:
>
>> On 24 July 2013 06:54, Philippe Mouawad <philippe.moua...@gmail.com>
>> wrote:
>> > Hello,
>> > IOS 6 does not trust any Root CA that is based on MD5 hashing. It works
>> > with SHA1.
>> >
>> > We should upgrade JMeter certificate so that it is usable for mobile
>> > recording if it is possible
>>
>> OK by me.
>>
>> > Regards
>> > Philippe
>> >
>> >
>> > --
>> > Cordialement.
>> > Philippe Mouawad.
>>
>
>
>
> --
> Cordialement.
> Philippe Mouawad.

Re: update Jmeter proxy certificate

Reply via email to