https://issues.apache.org/bugzilla/show_bug.cgi?id=56057
--- Comment #3 from Sebb <[email protected]> --- (In reply to Michael Aichlmayr from comment #2) > This is easily understood when all these facts are known, but it is a > significant point of confusion to tell the user "Root CA Certificate: > ApacheJMeterTemporaryRootCA created in JMeter bin directory" when in fact > nothing has been done because the certificate still exists inside the > keystore. I see what you are getting at now; the message is misleading. > What exacerbates this is that no mention of the keystore is made and as it > has a completely unrelated file-name there is nothing to suggest to look for > it if a person is not aware that it exists (as would be the case for anyone > trying to do this for the first time and following one of the various > tutorials including the one on the apache.org site itself. It would make > much more sense (IMHO) to check for the .crt file and recreated it if it is > missing. As JMeter 'knows' how to do this, it makes sense for it to make > sure that the file is there rather than forcing the user to figure out why > it wasn't recreated and either how to generate the .crt from the keystore or > to delete the keystore in order to force JMeter to do so. > > While I understand that it is an unusual circumstance that someone might > remove the .crt file at all, it is the first thing to try when something > fails. Not sure I follow that logic. > Besides the circumstance that caused me to remove the file (trying to > force JMeter 2.10 to replace the expired one), I count at least two other > circumstances online that others have encountered, both related to > installation and upgrade of Java. This leaves a bewildered user scouring the > forums and help pages looking for something that could easily be avoided by > a simple file-check in the code. The documentation [1] says: "If necessary, you can force JMeter to regenerate the keystore (and the exported certificates - ApacheJMeterTemporaryRootCA[.usr|.crt]) by deleting the keystore file proxyserver.jks from the JMeter directory. " Is that not clear? [1] http://jmeter.apache.org/usermanual/component_reference.html#HTTP%28S%29_Test_Script_Recorder > Regards the failure of 2.10 to replace the expired .crt (the original cause > of this investigation), I believe I have provided sufficient evidence to > that issue for JMeter 2.10, however proving that 2.11 still exhibits this > behavior will take some time as know of no other means to test this short of > waiting for the current .crt file to expire in my installation. Unless I > learn of a means to do this in advance of that, I will see to it that I > report back when it does. You can change the default expiry date from 7 days to 1 day (I don't think 0 days will work) by changing the following jmeter.property entry: proxy.cert.validity=7 -- You are receiving this mail because: You are the assignee for the bug.
