Certificate error when trying to test a website with a SHA-512 self signed certificate

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Certificate error when trying to test a website with a SHA-512 self signed certificate

João Lobinho Amaral
Hello,

I'm looking for help on this.

When trying to test the load of a website with a SHA-512 self-signed certificate I receive this error:
Response code: Non HTTP response code: javax.net.ssl.SSLHandshakeException
Response message: Non HTTP response message: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints


I've already tried to comment out the values on \Java\jre1.8.0_201\lib\security\java.security to what is recommended here:
https://stackoverflow.com/questions/14149545/java-security-cert-certificateexception-certificates-does-not-conform-to-algori


This doesn't help.

java -version
java version "1.8.0_201"
Java(TM) SE Runtime Environment (build 1.8.0_201-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.201-b09, mixed mode)


Any help here?

Kind regards,
João

Reply | Threaded
Open this post in threaded view
|

Re: Certificate error when trying to test a website with a SHA-512 self signed certificate

Brian Wolfe
You might need to install JCE into your java. I think the sha512 algorithm
may be one of the restricted ones that aren't allowed to be in the standard
install due to export restrictions.


On Tue, Mar 19, 2019, 11:53 João Lobinho Amaral <[hidden email]>
wrote:

> Hello,
>
> I'm looking for help on this.
>
> When trying to test the load of a website with a SHA-512 self-signed
> certificate I receive this error:
> Response code: Non HTTP response code: javax.net.ssl.SSLHandshakeException
> Response message: Non HTTP response message:
> java.security.cert.CertificateException: Certificates do not conform to
> algorithm constraints
>
>
> I've already tried to comment out the values on
> \Java\jre1.8.0_201\lib\security\java.security to what is recommended here:
>
> https://stackoverflow.com/questions/14149545/java-security-cert-certificateexception-certificates-does-not-conform-to-algori
>
>
> This doesn't help.
>
> java -version
> java version "1.8.0_201"
> Java(TM) SE Runtime Environment (build 1.8.0_201-b09)
> Java HotSpot(TM) 64-Bit Server VM (build 25.201-b09, mixed mode)
>
>
> Any help here?
>
> Kind regards,
> João
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Certificate error when trying to test a website with a SHA-512 self signed certificate

Kiran Badi
try with simple httpclient get request outside of jmeter and see if you still get that error.

Are you able to get output for below call
openssl s_client -showcerts -connect <server>:<port>

possible for you to paste that output.




 

    On Tuesday, March 19, 2019, 12:47:35 PM EDT, Brian Wolfe <[hidden email]> wrote:  
 
 You might need to install JCE into your java. I think the sha512 algorithm
may be one of the restricted ones that aren't allowed to be in the standard
install due to export restrictions.


On Tue, Mar 19, 2019, 11:53 João Lobinho Amaral <[hidden email]>
wrote:

> Hello,
>
> I'm looking for help on this.
>
> When trying to test the load of a website with a SHA-512 self-signed
> certificate I receive this error:
> Response code: Non HTTP response code: javax.net.ssl.SSLHandshakeException
> Response message: Non HTTP response message:
> java.security.cert.CertificateException: Certificates do not conform to
> algorithm constraints
>
>
> I've already tried to comment out the values on
> \Java\jre1.8.0_201\lib\security\java.security to what is recommended here:
>
> https://stackoverflow.com/questions/14149545/java-security-cert-certificateexception-certificates-does-not-conform-to-algori
>
>
> This doesn't help.
>
> java -version
> java version "1.8.0_201"
> Java(TM) SE Runtime Environment (build 1.8.0_201-b09)
> Java HotSpot(TM) 64-Bit Server VM (build 25.201-b09, mixed mode)
>
>
> Any help here?
>
> Kind regards,
> João
>
>  
Reply | Threaded
Open this post in threaded view
|

RE: Certificate error when trying to test a website with a SHA-512 self signed certificate

João Lobinho Amaral
Thanks for the help guys.

Installing JCE didn't help.

Can't use that tool on Windows but here you go the details of the certificate:
Signature Algorithm: RSASSA-PSS
Signature Hash Algoritm: sha512
Valid from: ‎2 ‎October, ‎2018 8:30:30 AM
Valid to: ‎2 ‎October, ‎2019 8:30:30 AM
Public Key: RSA (1024 Bits)

Please remember it's a self signed certificate. When I try to test a website that has a valid CA certificate it doesn't throw the error.

Thank you

-----Original Message-----
From: Kiran Badi [mailto:[hidden email]]
Sent: 19 March, 2019 4:54 PM
To: JMeter Users List <[hidden email]>
Subject: Re: Certificate error when trying to test a website with a SHA-512 self signed certificate

try with simple httpclient get request outside of jmeter and see if you still get that error.

Are you able to get output for below call openssl s_client -showcerts -connect <server>:<port>

possible for you to paste that output.




 

    On Tuesday, March 19, 2019, 12:47:35 PM EDT, Brian Wolfe <[hidden email]> wrote:  
 
 You might need to install JCE into your java. I think the sha512 algorithm may be one of the restricted ones that aren't allowed to be in the standard install due to export restrictions.


On Tue, Mar 19, 2019, 11:53 João Lobinho Amaral <[hidden email]>
wrote:

> Hello,
>
> I'm looking for help on this.
>
> When trying to test the load of a website with a SHA-512 self-signed
> certificate I receive this error:
> Response code: Non HTTP response code:
> javax.net.ssl.SSLHandshakeException
> Response message: Non HTTP response message:
> java.security.cert.CertificateException: Certificates do not conform
> to algorithm constraints
>
>
> I've already tried to comment out the values on
> \Java\jre1.8.0_201\lib\security\java.security to what is recommended here:
>
> https://stackoverflow.com/questions/14149545/java-security-cert-certif
> icateexception-certificates-does-not-conform-to-algori
>
>
> This doesn't help.
>
> java -version
> java version "1.8.0_201"
> Java(TM) SE Runtime Environment (build 1.8.0_201-b09) Java HotSpot(TM)
> 64-Bit Server VM (build 25.201-b09, mixed mode)
>
>
> Any help here?
>
> Kind regards,
> João
>
>  

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Certificate error when trying to test a website with a SHA-512 self signed certificate

Felix Schumacher


Am 20. März 2019 10:46:57 MEZ schrieb "João Lobinho Amaral" <[hidden email]>:
>Thanks for the help guys.
>
>Installing JCE didn't help.
>
>Can't use that tool on Windows but here you go the details of the
>certificate:
>Signature Algorithm: RSASSA-PSS

https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8146293

I think JDK 8 has not been updated to include a fix (yet?)

So maybe you have a chance trying Java 11 or try another cert authority that uses signatures Java 8 can handle.

Regards,
 Felix

>Signature Hash Algoritm: sha512
>Valid from: ‎2 ‎October, ‎2018 8:30:30 AM
>Valid to: ‎2 ‎October, ‎2019 8:30:30 AM
>Public Key: RSA (1024 Bits)
>
>Please remember it's a self signed certificate. When I try to test a
>website that has a valid CA certificate it doesn't throw the error.
>
>Thank you
>
>-----Original Message-----
>From: Kiran Badi [mailto:[hidden email]]
>Sent: 19 March, 2019 4:54 PM
>To: JMeter Users List <[hidden email]>
>Subject: Re: Certificate error when trying to test a website with a
>SHA-512 self signed certificate
>
>try with simple httpclient get request outside of jmeter and see if you
>still get that error.
>
>Are you able to get output for below call openssl s_client -showcerts
>-connect <server>:<port>
>
>possible for you to paste that output.
>
>
>
>
>
>
>On Tuesday, March 19, 2019, 12:47:35 PM EDT, Brian Wolfe
><[hidden email]> wrote:  
>
>You might need to install JCE into your java. I think the sha512
>algorithm may be one of the restricted ones that aren't allowed to be
>in the standard install due to export restrictions.
>
>
>On Tue, Mar 19, 2019, 11:53 João Lobinho Amaral
><[hidden email]>
>wrote:
>
>> Hello,
>>
>> I'm looking for help on this.
>>
>> When trying to test the load of a website with a SHA-512 self-signed
>> certificate I receive this error:
>> Response code: Non HTTP response code:
>> javax.net.ssl.SSLHandshakeException
>> Response message: Non HTTP response message:
>> java.security.cert.CertificateException: Certificates do not conform
>> to algorithm constraints
>>
>>
>> I've already tried to comment out the values on
>> \Java\jre1.8.0_201\lib\security\java.security to what is recommended
>here:
>>
>>
>https://stackoverflow.com/questions/14149545/java-security-cert-certif
>> icateexception-certificates-does-not-conform-to-algori
>>
>>
>> This doesn't help.
>>
>> java -version
>> java version "1.8.0_201"
>> Java(TM) SE Runtime Environment (build 1.8.0_201-b09) Java
>HotSpot(TM)
>> 64-Bit Server VM (build 25.201-b09, mixed mode)
>>
>>
>> Any help here?
>>
>> Kind regards,
>> João
>>
>>  

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]