hi, No idea whether JMeter validates the hostname. I thought not, as I have some tests that access the server by IP address, and the server certificate has a hostname. A couple of ideas to try to narrow down the problem
- check jmeter.log You should see some INFO entries from jmeter.util.SSLManager, see if your keystore and aliases are loaded as expected. - java keytool problems I once could not get the keytool to work (it might have been a OpenJDK on Linux issue, I did not get around to try with Oracle JDK); I exported certificate/key to a .p12 file instead and it worked. Btw, for quicker troubleshooting, you can also pass all the SSL options directly from the command line, as opposite to editing jmeter.properties, i.e. -Djavax.net.ssl.keyStoreType=PKCS12 hope this helps Ivan On Fri, Oct 14, 2016 at 12:35 PM, Stuart Barlow <[email protected]> wrote: > Hi > > In test environments self-signed certificates are common and they're not > always created in the right way. I'm trying to connect via HTTPS Request to > a website that uses a self-signed cert where the hostname is not correctly > set inside the cert. The CN field has a value like "test-web-cert" and that > cert is also used by two different domains. It's deployed for both > https://www.test1.thirdpartywebsite.com and https://www.test2.thirdpartywe > bsite.com > > I can access these websites from a browser and can view the certificate > this way. The browser is more forgiving than JMeter. I tried exporting it > from the browser and importing into the truststore used by JMeter (I set > javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword in > system.properties) and also into the cacerts in my JRE lib/security folder. > Both of these didn't work. > > I always see this in the Response Tab of a Results Tree: > > java.net.SocketTimeoutException: Read timed out > at java.net.SocketInputStream.socketRead0(Native Method) > at java.net.SocketInputStream.socketRead(SocketInputStream.java > :116) > at java.net.SocketInputStream.read(SocketInputStream.java:170) > at java.net.SocketInputStream.read(SocketInputStream.java:141) > at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) > at sun.security.ssl.InputRecord.read(InputRecord.java:503) > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl. > java:973) > at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSo > cketImpl.java:1375) > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl. > java:1403) > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl. > java:1387) > at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocke > t(SSLSocketFactory.java:573) > at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocke > t(SSLSocketFactory.java:447) > at org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFact > ory.createLayeredSocket(LazySchemeSocketFactory.java:121) > at org.apache.http.impl.conn.DefaultClientConnectionOperator. > updateSecureConnection(DefaultClientConnectionOperator.java:219) > at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerP > rotocol(ManagedClientConnectionImpl.java:421) > at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionM > anager$MeasuredConnection.layerProtocol(MeasuringConnectionM > anager.java:152) > at org.apache.http.impl.client.DefaultRequestDirector.establish > Route(DefaultRequestDirector.java:815) > at org.apache.http.impl.client.DefaultRequestDirector.tryConnec > t(DefaultRequestDirector.java:616) > at org.apache.http.impl.client.DefaultRequestDirector.execute(D > efaultRequestDirector.java:447) > at org.apache.http.impl.client.AbstractHttpClient.doExecute(Abs > tractHttpClient.java:884) > at org.apache.http.impl.client.CloseableHttpClient.execute(Clos > eableHttpClient.java:82) > at org.apache.http.impl.client.CloseableHttpClient.execute(Clos > eableHttpClient.java:55) > at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeR > equest(HTTPHC4Impl.java:619) > at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample( > HTTPHC4Impl.java:379) > at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sam > ple(HTTPSamplerProxy.java:74) > at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.samp > le(HTTPSamplerBase.java:1146) > at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.samp > le(HTTPSamplerBase.java:1135) > at org.apache.jmeter.threads.JMeterThread.executeSamplePackage( > JMeterThread.java:465) > at org.apache.jmeter.threads.JMeterThread.processSampler(JMeter > Thread.java:410) > at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java > :241) > at java.lang.Thread.run(Thread.java:745) > > My theory at the moment is that the SSL handshake is dropped because of > hostname validation. I'm trying to connect to > https://www.test1.thirdpartywebsite.com but the certificate contains > value test-web-cert. They don't match so the connection is dropped. I'm > able to use curl with the -k option to retrieve the content if that's > relevant. > > Can anyone tell me if there is a way in JMeter to disable hostname > validation during SSL Handshake? > > > Thanks, > > Stuart > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
