Has anyone been able to make HTTPS work in jmeter? If so, please tell me how you accomplished this. I always receive the "Is Server Trusted?" message after it prompts me for my keystore password.
I have used openssl0.9.6b for Windows to become my own certificate authority. I am using jdk1.4.1, unstable Jmeter version 1.7.3 running on a Mandrake 8.1 Linux Box, and tomcat 4.0.3. My certificate authority is installed on the same Windows XP machine as the tomcat server. Jmeter is installed on my lLnux box as well as jdk1.4.1 for Mandrake linx. I have used the following procedure to become my own certificate authority. *********************************************** .1 Generate the CA(Certificate Authority) key openssl genrsa -rand -des -out ca.key 1024 .2 Create a self signed certificate openssl req -new -x509 -day 365 -key ca.key -out ca.crt .3 Prompted for location information for the ca.crt certificate. I enter information for every field. For the name of the certificate I use certificate authority. .4 Setup the OpenSSL CA tools mkdir demoCA mkdir demoCA/newcerts create a empty demoCA/index.txt file copy ca.crt to demoCA directory echo 01 > demoCA/serial directory Note: Now, create the client application's key store and export its public key so my own CA can sign it. I enter information for all of the fields, using the same organization and organization unit information as for the certificate authority. I also use a different name then the certificate authority. For the name of the certificate, I use Tomcat Tomcat. .5 Create a new key store for the client application. I use keytool on my linux box to create the keystore keytool -keystore clienttestkeys -genkey -alias client .6 Export the client's public key on my linux box keytool -keystore clienttestkeys -certreq -alias client -file client.crs Note: Now, I save it to a floppy, and then I take it to my Windows XP machine where the certificate authority is installed. .7 Sign the client's key with my CA key on my Windows XP machine openssl ca -config /usr/local/ssl/openssl.cnf -in client.crs -out client.crs.pem -keyfile ca.key Note: Now, I have a file called client.crs.pem, which is the signed public key. It needs to be converted to a format suitable for the JDK's keytool command, and then save it to floppy and import into clienttestkeys keystore on the linux box. .8 Convert to DER format openssl x509 -in client.crs.pem -out client.crs.der -outform DER .9 Import CA certificate (ca.crt) into client's keystore keytool -keystore clienttestkeys -alias client_ca -import ca.crt .10 Import client's signed key into clients' key store keytool -keystore clienttestkeys -alias client -import -file client.crs.der Then, I execute steps 4-9 on the Windows XP for the tomcat server. Since the certificate authority is on the Windows XP machine, I perform all of these steps on the same machine. This time, I substitute the word tomcat everywhere you see client. ************************************************* After I do this, I run Jmeter and it still gives me "Is Server Trusted?" and the GIU tells me NON HTTP Response Code. Next, since Jmeter looks for the default ".keystore" file on my linux box under the user directory which happens to be /root/.keystore, I create this file by copying my clienttestkeys to the /root directory and renaming it to ".keystore". Next, since Jmeter uses the default truststore cacerts file, I have to import Certificate Authority (ca.crt) file that I created on the Windows XP machine to the cacerts keystore on my linux box. So, I copy ca.crt to floppy and bring it to my linux box. I do the following to import to cacert keystore. I do this in the same directory as my cacerts file. keytool -import -file ca.crt -trustcacerts -keystore cacerts -storepass changeit Note: I have used "changeit" for the password for all of these steps. Now, I try my test, and Jmeter still asks me "Is Server Trusted?". Next, I import my tomcat certifate into the cacerts file by doing the following keytool -import -file tomcat.crs.der -trustcacerts -keystore cacerts -storepass changeit Now, I try my test, and Jmeter still asks me "Is Server Trusted?" I am really not sure how I am supposed to use HTTPS, but if anyone has suggestions or instructions, please let me know. Regards, Tony -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
