Problem with Jmeter and client certificate authentication - unknown_certificate

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem with Jmeter and client certificate authentication - unknown_certificate

ohaya@yahoo.com.INVALID
Hi,
I am using Jmeter to test client certificate authentication.
I have a JKS with a bunch of client certs (imported from pfx files) and I have Jmeter properties pointing to that JKS.

In my test plan, I have a CSV Configuration (pointing to a text file with the list of aliases in the JKS) and a Keystore Configuration and it seems to work ok until I run a longer test, then I start getting the following errors:
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:414)
    at org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.connectSocket(LazySchemeSocketFactory.java:97)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
    at org.apache.jmeter.protocol.http.sampler.hc.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:318)
    at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:114)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:697)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:455)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.followRedirects(HTTPSamplerBase.java:1542)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.resultProcessing(HTTPSamplerBase.java:1636)
    at org.apache.jmeter.protocol.http.sampler.HTTPAbstractImpl.resultProcessing(HTTPAbstractImpl.java:525)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:536)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1189)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1178)
    at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:490)
    at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:416)
    at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:250)
    at java.lang.Thread.run(Unknown Source)
What certificate is it referring to when it says "unknown_certificate"?
Can anyone tell me what the problem might be?
Thanks,Jim
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Jmeter and client certificate authentication - unknown_certificate

Felix Schumacher


Am 22. Februar 2020 16:41:07 MEZ schrieb "[hidden email]" <[hidden email]>:

>Hi,
>I am using Jmeter to test client certificate authentication.
>I have a JKS with a bunch of client certs (imported from pfx files) and
>I have Jmeter properties pointing to that JKS.
>
>In my test plan, I have a CSV Configuration (pointing to a text file
>with the list of aliases in the JKS) and a Keystore Configuration and
>it seems to work ok until I run a longer test, then I start getting the
>following errors:
>javax.net.ssl.SSLHandshakeException: Received fatal alert:
>certificate_unknown
>    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
>Source)
>    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>    at
>org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
>    at
>org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:414)
>    at
>org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.connectSocket(LazySchemeSocketFactory.java:97)
>    at
>org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
>    at
>org.apache.jmeter.protocol.http.sampler.hc.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:318)
>    at
>org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:114)
>    at
>org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
>    at
>org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
>    at
>org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
>    at
>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:697)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:455)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.followRedirects(HTTPSamplerBase.java:1542)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.resultProcessing(HTTPSamplerBase.java:1636)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPAbstractImpl.resultProcessing(HTTPAbstractImpl.java:525)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:536)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1189)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1178)
>    at
>org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:490)
>    at
>org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:416)
>    at
>org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:250)
>    at java.lang.Thread.run(Unknown Source)
>What certificate is it referring to when it says "unknown_certificate"?
>Can anyone tell me what the problem might be?

Have you looked into the file jmeter.log? Is there more information?

Felix

>Thanks,Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Problem with Jmeter and client certificate authentication - unknown_certificate

ohaya@yahoo.com.INVALID
Felix
I will check the jmeter.log, but am I correct that for the CSV config I just have a text list of aliases?

Sent from Yahoo Mail on Android
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Jmeter and client certificate authentication - unknown_certificate

ohaya@yahoo.com.INVALID
In reply to this post by Felix Schumacher
 Hi,
I checked the jmeter.log, and I don't see any additional info about this error.
Any idea which certificate it is referring to with the "unknown_certificate"?
Jim


    On Saturday, February 22, 2020, 6:48:49 PM UTC, Felix Schumacher <[hidden email]> wrote:  
 
 

Am 22. Februar 2020 16:41:07 MEZ schrieb "[hidden email]" <[hidden email]>:

>Hi,
>I am using Jmeter to test client certificate authentication.
>I have a JKS with a bunch of client certs (imported from pfx files) and
>I have Jmeter properties pointing to that JKS.
>
>In my test plan, I have a CSV Configuration (pointing to a text file
>with the list of aliases in the JKS) and a Keystore Configuration and
>it seems to work ok until I run a longer test, then I start getting the
>following errors:
>javax.net.ssl.SSLHandshakeException: Received fatal alert:
>certificate_unknown
>    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
>Source)
>    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>    at
>org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
>    at
>org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:414)
>    at
>org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.connectSocket(LazySchemeSocketFactory.java:97)
>    at
>org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
>    at
>org.apache.jmeter.protocol.http.sampler.hc.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:318)
>    at
>org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:114)
>    at
>org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
>    at
>org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
>    at
>org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
>    at
>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:697)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:455)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.followRedirects(HTTPSamplerBase.java:1542)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.resultProcessing(HTTPSamplerBase.java:1636)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPAbstractImpl.resultProcessing(HTTPAbstractImpl.java:525)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:536)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1189)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1178)
>    at
>org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:490)
>    at
>org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:416)
>    at
>org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:250)
>    at java.lang.Thread.run(Unknown Source)
>What certificate is it referring to when it says "unknown_certificate"?
>Can anyone tell me what the problem might be?

Have you looked into the file jmeter.log? Is there more information?

Felix

>Thanks,Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
 
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Jmeter and client certificate authentication - unknown_certificate

ohaya@yahoo.com.INVALID
 Hi,
I don't know what is wrong yet, but it has something to do with the client certs in the JKS vs. the aliases in the CSV config element, I think.
I did find that if I run 16 threads 1 time, no problem, but if I run 17 thread 1 time, then I start getting the error.
I am kind of unclear about the meaning of the alias start index and the alias end index in the Keystore configuration?
I think that the "unknown_certificate" it is referring to is that jmeter is looking for a cert with an alias, but cannot find it in the JKS, and then it is causing the "unknown_certificate" error, but I cannot figure out why this might be happening.
Jim




    On Sunday, February 23, 2020, 2:02:56 AM UTC, [hidden email] <[hidden email]> wrote:  
 
  Hi,
I checked the jmeter.log, and I don't see any additional info about this error.
Any idea which certificate it is referring to with the "unknown_certificate"?
Jim


    On Saturday, February 22, 2020, 6:48:49 PM UTC, Felix Schumacher <[hidden email]> wrote: 
 
 

Am 22. Februar 2020 16:41:07 MEZ schrieb "[hidden email]" <[hidden email]>:

>Hi,
>I am using Jmeter to test client certificate authentication.
>I have a JKS with a bunch of client certs (imported from pfx files) and
>I have Jmeter properties pointing to that JKS.
>
>In my test plan, I have a CSV Configuration (pointing to a text file
>with the list of aliases in the JKS) and a Keystore Configuration and
>it seems to work ok until I run a longer test, then I start getting the
>following errors:
>javax.net.ssl.SSLHandshakeException: Received fatal alert:
>certificate_unknown
>    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
>Source)
>    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>    at
>org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
>    at
>org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:414)
>    at
>org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.connectSocket(LazySchemeSocketFactory.java:97)
>    at
>org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
>    at
>org.apache.jmeter.protocol.http.sampler.hc.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:318)
>    at
>org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:114)
>    at
>org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
>    at
>org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
>    at
>org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
>    at
>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:697)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:455)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.followRedirects(HTTPSamplerBase.java:1542)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.resultProcessing(HTTPSamplerBase.java:1636)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPAbstractImpl.resultProcessing(HTTPAbstractImpl.java:525)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:536)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1189)
>    at
>org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1178)
>    at
>org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:490)
>    at
>org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:416)
>    at
>org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:250)
>    at java.lang.Thread.run(Unknown Source)
>What certificate is it referring to when it says "unknown_certificate"?
>Can anyone tell me what the problem might be?

Have you looked into the file jmeter.log? Is there more information?

Felix

>Thanks,Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
   
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Jmeter and client certificate authentication - unknown_certificate

Felix Schumacher
Hi Jim,

from the stacktrace it looks like you are using JMeter 4.0. Have you
tried a newer version? If not, what are your reasons for not updating?

One good reason for updating might be
https://bz.apache.org/bugzilla/show_bug.cgi?id=62766

If your problem persists after upgrading, you might want to share test
data, that shows the aliases from your keystore and the relevant csv
entries.

If you can't share that data, you can try to set the log level for the
http components to debug (in newer JMeter versions that can be done with
bin/log4j2.xml).

Felix

Am 23.02.20 um 09:19 schrieb [hidden email]:

>  Hi,
> I don't know what is wrong yet, but it has something to do with the client certs in the JKS vs. the aliases in the CSV config element, I think.
> I did find that if I run 16 threads 1 time, no problem, but if I run 17 thread 1 time, then I start getting the error.
> I am kind of unclear about the meaning of the alias start index and the alias end index in the Keystore configuration?
> I think that the "unknown_certificate" it is referring to is that jmeter is looking for a cert with an alias, but cannot find it in the JKS, and then it is causing the "unknown_certificate" error, but I cannot figure out why this might be happening.
> Jim
>
>
>
>
>     On Sunday, February 23, 2020, 2:02:56 AM UTC, [hidden email] <[hidden email]> wrote:  
>  
>   Hi,
> I checked the jmeter.log, and I don't see any additional info about this error.
> Any idea which certificate it is referring to with the "unknown_certificate"?
> Jim
>
>
>     On Saturday, February 22, 2020, 6:48:49 PM UTC, Felix Schumacher <[hidden email]> wrote: 
>  
>  
>
> Am 22. Februar 2020 16:41:07 MEZ schrieb "[hidden email]" <[hidden email]>:
>> Hi,
>> I am using Jmeter to test client certificate authentication.
>> I have a JKS with a bunch of client certs (imported from pfx files) and
>> I have Jmeter properties pointing to that JKS.
>>
>> In my test plan, I have a CSV Configuration (pointing to a text file
>> with the list of aliases in the JKS) and a Keystore Configuration and
>> it seems to work ok until I run a longer test, then I start getting the
>> following errors:
>> javax.net.ssl.SSLHandshakeException: Received fatal alert:
>> certificate_unknown
>>     at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>>     at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
>> Source)
>>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>>     at
>> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
>>     at
>> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:414)
>>     at
>> org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.connectSocket(LazySchemeSocketFactory.java:97)
>>     at
>> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
>>     at
>> org.apache.jmeter.protocol.http.sampler.hc.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:318)
>>     at
>> org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:114)
>>     at
>> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
>>     at
>> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
>>     at
>> org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
>>     at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:697)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:455)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.followRedirects(HTTPSamplerBase.java:1542)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.resultProcessing(HTTPSamplerBase.java:1636)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPAbstractImpl.resultProcessing(HTTPAbstractImpl.java:525)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:536)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1189)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1178)
>>     at
>> org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:490)
>>     at
>> org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:416)
>>     at
>> org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:250)
>>     at java.lang.Thread.run(Unknown Source)
>> What certificate is it referring to when it says "unknown_certificate"?
>> Can anyone tell me what the problem might be?
> Have you looked into the file jmeter.log? Is there more information?
>
> Felix
>
>> Thanks,Jim
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>    

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Problem with Jmeter and client certificate authentication - unknown_certificate

ohaya@yahoo.com.INVALID
 Hi,
I was able to eliminate the "unknown_certificate" error.  There was one certificate/alias that was in the JKS, but for some reason that I still have not identified, even though the alias that I had in the CSV seemed to match the alias in the JKS exactly, it was causing the error.
If I eliminate the alias from the CSV, then I don't get the "unknown_certificate".
I am still unclear about the start and end index?  What exactly do those mean?  It seems that the end index doesn't seem to matter, if it is > than the number of certs in the keystore?
Re. why I haven't upgraded, there is no particular reason, but I just hadn't gotten around to it.  I will try a newer version if I have a chance.

Jim

    On Sunday, February 23, 2020, 9:45:23 AM UTC, Felix Schumacher <[hidden email]> wrote:  
 
 Hi Jim,

from the stacktrace it looks like you are using JMeter 4.0. Have you
tried a newer version? If not, what are your reasons for not updating?

One good reason for updating might be
https://bz.apache.org/bugzilla/show_bug.cgi?id=62766

If your problem persists after upgrading, you might want to share test
data, that shows the aliases from your keystore and the relevant csv
entries.

If you can't share that data, you can try to set the log level for the
http components to debug (in newer JMeter versions that can be done with
bin/log4j2.xml).

Felix

Am 23.02.20 um 09:19 schrieb [hidden email]:

>  Hi,
> I don't know what is wrong yet, but it has something to do with the client certs in the JKS vs. the aliases in the CSV config element, I think.
> I did find that if I run 16 threads 1 time, no problem, but if I run 17 thread 1 time, then I start getting the error.
> I am kind of unclear about the meaning of the alias start index and the alias end index in the Keystore configuration?
> I think that the "unknown_certificate" it is referring to is that jmeter is looking for a cert with an alias, but cannot find it in the JKS, and then it is causing the "unknown_certificate" error, but I cannot figure out why this might be happening.
> Jim
>
>
>
>
>    On Sunday, February 23, 2020, 2:02:56 AM UTC, [hidden email] <[hidden email]> wrote: 

>  Hi,
> I checked the jmeter.log, and I don't see any additional info about this error.
> Any idea which certificate it is referring to with the "unknown_certificate"?
> Jim
>
>
>     On Saturday, February 22, 2020, 6:48:49 PM UTC, Felix Schumacher <[hidden email]> wrote: 


>
> Am 22. Februar 2020 16:41:07 MEZ schrieb "[hidden email]" <[hidden email]>:
>> Hi,
>> I am using Jmeter to test client certificate authentication.
>> I have a JKS with a bunch of client certs (imported from pfx files) and
>> I have Jmeter properties pointing to that JKS.
>>
>> In my test plan, I have a CSV Configuration (pointing to a text file
>> with the list of aliases in the JKS) and a Keystore Configuration and
>> it seems to work ok until I run a longer test, then I start getting the
>> following errors:
>> javax.net.ssl.SSLHandshakeException: Received fatal alert:
>> certificate_unknown
>>     at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>>     at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
>> Source)
>>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>>     at
>> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
>>     at
>> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:414)
>>     at
>> org.apache.jmeter.protocol.http.sampler.LazySchemeSocketFactory.connectSocket(LazySchemeSocketFactory.java:97)
>>     at
>> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
>>     at
>> org.apache.jmeter.protocol.http.sampler.hc.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:318)
>>     at
>> org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:114)
>>     at
>> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
>>     at
>> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
>>     at
>> org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
>>     at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:697)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:455)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.followRedirects(HTTPSamplerBase.java:1542)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.resultProcessing(HTTPSamplerBase.java:1636)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPAbstractImpl.resultProcessing(HTTPAbstractImpl.java:525)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:536)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1189)
>>     at
>> org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1178)
>>     at
>> org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:490)
>>     at
>> org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:416)
>>     at
>> org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:250)
>>     at java.lang.Thread.run(Unknown Source)
>> What certificate is it referring to when it says "unknown_certificate"?
>> Can anyone tell me what the problem might be?
> Have you looked into the file jmeter.log? Is there more information?
>
> Felix
>
>> Thanks,Jim
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>   

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

 
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Jmeter and client certificate authentication - unknown_certificate

glinius@live.com
In reply to this post by ohaya@yahoo.com.INVALID
Most probably there is a problem with the test data, i.e. alias is missing in
the keystore or wrong certificate lives under the correct alias.

First of all I would recommend cross-checking your aliases in the keystore
and in the CSV file, you can get the list of aliases from the keystore using
keytool
<https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html>
command like:


>  a
> keytool -list -v -keystore /path/to/your/keystore | find "Alias"

For example when I use JMeter's "proxyserver.jks" as the keystore I'm
getting the next 2 aliases:

<http://www.jmeter-archive.org/file/t340375/foo.png>


> :root_ca:
> :intermediate_ca:

it means that I need exactly these 2 entries in the CSV file holding the
certificate aliases.

You might want to check out  How to Use Multiple Certificates When Load
Testing Secure Websites
<https://www.blazemeter.com/blog/how-to-use-multiple-certificates-when-load-testing-secure-websites/>  
article for comprehensive configuration instructions




--
Sent from: http://www.jmeter-archive.org/JMeter-User-f512775.html

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]