No idea whether JMeter validates the hostname. I thought not, as I have
some tests that access the server by IP address, and the server certificate
has a hostname.
A couple of ideas to try to narrow down the problem

- check jmeter.log
You should see some INFO entries from jmeter.util.SSLManager, see if your
keystore and aliases are loaded as expected.
- java keytool problems
I once could not get the keytool to work (it might have been a OpenJDK on
Linux issue, I did not get around to try with Oracle JDK); I exported
certificate/key to a .p12 file instead and it worked.

Btw, for quicker troubleshooting, you can also pass all the SSL options
directly from the command line, as opposite to editing jmeter.properties,

hope this helps

On Fri, Oct 14, 2016 at 12:35 PM, Stuart Barlow <stuart.bar...@gmail.com>

> Hi
> In test environments self-signed certificates are common and they're not
> always created in the right way. I'm trying to connect via HTTPS Request to
> a website that uses a self-signed cert where the hostname is not correctly
> set inside the cert. The CN field has a value like "test-web-cert" and that
> cert is also used by two different domains. It's deployed for both
> https://www.test1.thirdpartywebsite.com and https://www.test2.thirdpartywe
> bsite.com
> I can access these websites from a browser and can view the certificate
> this way. The browser is more forgiving than JMeter. I tried exporting it
> from the browser and importing into the truststore used by JMeter (I set
> javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword in
> system.properties) and also into the cacerts in my JRE lib/security folder.
> Both of these didn't work.
> I always see this in the Response Tab of a Results Tree:
> java.net.SocketTimeoutException: Read timed out
>         at java.net.SocketInputStream.socketRead0(Native Method)
>         at java.net.SocketInputStream.socketRead(SocketInputStream.java
> :116)
>         at java.net.SocketInputStream.read(SocketInputStream.java:170)
>         at java.net.SocketInputStream.read(SocketInputStream.java:141)
>         at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
>         at sun.security.ssl.InputRecord.read(InputRecord.java:503)
>         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.
> java:973)
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSo
> cketImpl.java:1375)
>         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
> java:1403)
>         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
> java:1387)
>         at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocke
> t(SSLSocketFactory.java:573)
>         at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocke
> t(SSLSocketFactory.java:447)
>         at org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFact
> ory.createLayeredSocket(LazySchemeSocketFactory.java:121)
>         at org.apache.http.impl.conn.DefaultClientConnectionOperator.
> updateSecureConnection(DefaultClientConnectionOperator.java:219)
>         at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerP
> rotocol(ManagedClientConnectionImpl.java:421)
>         at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionM
> anager$MeasuredConnection.layerProtocol(MeasuringConnectionM
> anager.java:152)
>         at org.apache.http.impl.client.DefaultRequestDirector.establish
> Route(DefaultRequestDirector.java:815)
>         at org.apache.http.impl.client.DefaultRequestDirector.tryConnec
> t(DefaultRequestDirector.java:616)
>         at org.apache.http.impl.client.DefaultRequestDirector.execute(D
> efaultRequestDirector.java:447)
>         at org.apache.http.impl.client.AbstractHttpClient.doExecute(Abs
> tractHttpClient.java:884)
>         at org.apache.http.impl.client.CloseableHttpClient.execute(Clos
> eableHttpClient.java:82)
>         at org.apache.http.impl.client.CloseableHttpClient.execute(Clos
> eableHttpClient.java:55)
>         at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeR
> equest(HTTPHC4Impl.java:619)
>         at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(
> HTTPHC4Impl.java:379)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sam
> ple(HTTPSamplerProxy.java:74)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.samp
> le(HTTPSamplerBase.java:1146)
>         at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.samp
> le(HTTPSamplerBase.java:1135)
>         at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(
> JMeterThread.java:465)
>         at org.apache.jmeter.threads.JMeterThread.processSampler(JMeter
> Thread.java:410)
>         at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java
> :241)
>         at java.lang.Thread.run(Thread.java:745)
> My theory at the moment is that the SSL handshake is dropped because of
> hostname validation. I'm trying to connect to
> https://www.test1.thirdpartywebsite.com but the certificate contains
> value test-web-cert. They don't match so the connection is dropped. I'm
> able to use curl with the -k option to retrieve the content if that's
> relevant.
> Can anyone tell me if there is a way in JMeter to disable hostname
> validation during SSL Handshake?
> Thanks,
> Stuart
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
> For additional commands, e-mail: user-h...@jmeter.apache.org

Reply via email to