I managed to use the new certificate with Firefox on Windows, so I have now updated the copy in SVN.
Hopefully Mac browsers can also use the new certificate. Note that the user can of course use their own certificate by adjusting the properties that JMeter uses to read it. On 26 July 2013 21:26, Philippe Mouawad <philippe.moua...@gmail.com> wrote: > Thanks sebb > > On Fri, Jul 26, 2013 at 5:55 PM, sebb <seb...@gmail.com> wrote: > >> As I expect you know, the script that was used to generate the >> certificate is in extras/proxycert.[sh|cmd] >> >> The current certificate expires next year: >> >> Keystore type: JKS >> Keystore provider: SUN >> >> Your keystore contains 1 entry >> >> $ keytool -list -v -keystore proxyserver.jks -storepass password >> Alias name: jmeter >> Creation date: 05-Aug-2009 >> Entry type: PrivateKeyEntry >> Certificate chain length: 1 >> Certificate[1]: >> Owner: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US >> Issuer: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US >> Serial number: 4a7a0ad5 >> Valid from: Wed Aug 05 23:42:29 BST 2009 until: Mon Aug 04 23:42:29 BST >> 2014 >> Certificate fingerprints: >> MD5: E0:CA:71:36:DC:4A:18:32:D9:B3:2B:6F:58:65:37:77 >> SHA1: 90:C3:E8:B0:F1:8D:79:30:39:B5:9A:AA:E0:6F:48:3B:92:30:C8:DF >> SHA256: >> >> C4:34:1E:3D:E2:87:23:2B:8E:2B:BD:17:91:2F:4C:D2:9A:50:5D:44:8E:43:9B:3A:9E:09:6C:D6:5A:46:9C:B1 >> Signature algorithm name: MD5withRSA >> Version: 1 >> >> I just tried using the keytool from Java 7, and the certificate it >> createad looks like this: >> >> >>>>>> >> Keystore type: JKS >> Keystore provider: SUN >> >> Your keystore contains 1 entry >> >> Alias name: jmeter >> Creation date: 26-Jul-2013 >> Entry type: PrivateKeyEntry >> Certificate chain length: 1 >> Certificate[1]: >> Owner: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US >> Issuer: CN=JMeter Proxy, OU=JMeter, O=Apache Software Foundation, C=US >> Serial number: 1b7a11fb >> Valid from: Fri Jul 26 16:29:35 BST 2013 until: Wed Jul 25 16:29:35 BST >> 2018 >> Certificate fingerprints: >> MD5: 26:82:F5:FF:B4:CD:B9:12:4E:6F:FA:D9:62:59:DE:D2 >> SHA1: AD:FA:59:47:A0:86:92:36:D0:42:51:F2:AA:C8:7E:99:20:28:84:3A >> SHA256: >> >> 66:92:FD:1C:EE:BC:F9:C4:E4:F9:F8:9A:3A:1F:55:6F:62:AD:1B:E6:45:AA:B7:AD:D6:93:ED:C8:84:E5:10:07 >> Signature algorithm name: SHA256withRSA >> Version: 3 >> >> Extensions: >> >> #1: ObjectId: 2.5.29.14 Criticality=false >> SubjectKeyIdentifier [ >> KeyIdentifier [ >> 0000: 40 E9 82 67 5C 22 45 1B EB E3 85 C3 0F BC E6 5C @..g\"E........\ >> 0010: 40 8C 84 50 @..P >> ] >> ] >> <<<<<<<<< >> >> That looks like it may work on iOS6 >> >> I'll send you a copy by private mail. >> >> On 25 July 2013 23:02, Philippe Mouawad <philippe.moua...@gmail.com> >> wrote: >> > It seems it is not possible with keytool (at least version 6). >> > >> > I will continue investigations, if you already know about it ,tell me. >> > >> > Thanks >> > >> > On Thu, Jul 25, 2013 at 3:15 PM, sebb <seb...@gmail.com> wrote: >> > >> >> On 24 July 2013 06:54, Philippe Mouawad <philippe.moua...@gmail.com> >> >> wrote: >> >> > Hello, >> >> > IOS 6 does not trust any Root CA that is based on MD5 hashing. It >> works >> >> > with SHA1. >> >> > >> >> > We should upgrade JMeter certificate so that it is usable for mobile >> >> > recording if it is possible >> >> >> >> OK by me. >> >> >> >> > Regards >> >> > Philippe >> >> > >> >> > >> >> > -- >> >> > Cordialement. >> >> > Philippe Mouawad. >> >> >> > >> > >> > >> > -- >> > Cordialement. >> > Philippe Mouawad. >> > > > > -- > Cordialement. > Philippe Mouawad.
