Single SSL Certificate per Thread

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Single SSL Certificate per Thread

gator2003
Hi all,

I have a keystore configuration where JMeter loops through 9,999 certificates in a JKS to send HTTP Requests to the server. Currently, JMeter uses a different certificate from the keystore for each request. I want each thread to only use one certificate for all of the requests in the loop. I searched and didn't see anything specific on here or anywhere.

What I want to happen (simplified):

Thread 1-1 uses the test1 certificate to load /home
Thread 1-2 uses the test2 certificate to load /home
Thread 1-1 uses the test1 certificate to load /faq
Thread 1-2 uses the test2 certificate to load /faq
Thread 1-1 uses the test1 certificate to load /account
Thread 1-2 uses the test2 certificate to load /account

What's happening now is:

Thread 1-1 uses the test1 certificate to load /home
Thread 1-2 uses the test2 certificate to load /home
Thread 1-1 uses the test3 certificate to load /faq
Thread 1-2 uses the test4 certificate to load /faq
Thread 1-1 uses the test5 certificate to load /account
Thread 1-2 uses the test6 certificate to load /account

Also, for clarification, my HTTP Cache Manager and HTTP Cookie Manager is set to clear the cache/cookies on each iteration. Does that mean, for example, that the cache will remain for all requests on thread 1-1 and a separate cache for 2-2? When the user loads /home, they are redirected and the certificate is read, automatically logging them in and sending them to the real home page. I don’t want JMeter threads to have to log in, except for the the first URL in the thread.

The only HTTP Request in uses a variable ${test_url} from a CSV Config to try about 20 URLs in total. Another CSV Config puts the current certificate alias in ${cert_name}. https.use.cached.ssl.context is set to false.

Thanks for any help!

Reply | Threaded
Open this post in threaded view
|

Re: Single SSL Certificate per Thread

Stuart Kenworthy
Have you tried using a keystores manager and constructing the alias using variables and is or even having the key alias match the thread name and just using thread name as alias in keystores manager alias?

On 1 Sep 2017 20:29, Adam Brown <[hidden email]> wrote:
Hi all,

I have a keystore configuration where JMeter loops through 9,999 certificates in a JKS to send HTTP Requests to the server. Currently, JMeter uses a different certificate from the keystore for each request. I want each thread to only use one certificate for all of the requests in the loop. I searched and didn't see anything specific on here or anywhere.

What I want to happen (simplified):

Thread 1-1 uses the test1 certificate to load /home
Thread 1-2 uses the test2 certificate to load /home
Thread 1-1 uses the test1 certificate to load /faq
Thread 1-2 uses the test2 certificate to load /faq
Thread 1-1 uses the test1 certificate to load /account
Thread 1-2 uses the test2 certificate to load /account

What's happening now is:

Thread 1-1 uses the test1 certificate to load /home
Thread 1-2 uses the test2 certificate to load /home
Thread 1-1 uses the test3 certificate to load /faq
Thread 1-2 uses the test4 certificate to load /faq
Thread 1-1 uses the test5 certificate to load /account
Thread 1-2 uses the test6 certificate to load /account

Also, for clarification, my HTTP Cache Manager and HTTP Cookie Manager is set to clear the cache/cookies on each iteration. Does that mean, for example, that the cache will remain for all requests on thread 1-1 and a separate cache for 2-2? When the user loads /home, they are redirected and the certificate is read, automatically logging them in and sending them to the real home page. I don’t want JMeter threads to have to log in, except for the the first URL in the thread.

The only HTTP Request in uses a variable ${test_url} from a CSV Config to try about 20 URLs in total. Another CSV Config puts the current certificate alias in ${cert_name}. https.use.cached.ssl.context is set to false.

Thanks for any help!



The information included in this email and any files transmitted with it may contain information that is confidential and it must not be used by, or its contents or attachments copied or disclosed to, persons other than the intended addressee. If you have received this email in error, please notify BJSS. In the absence of written agreement to the contrary BJSS' relevant standard terms of contract for any work to be undertaken will apply. Please carry out virus or such other checks as you consider appropriate in respect of this email. BJSS does not accept responsibility for any adverse effect upon your system or data in relation to this email or any files transmitted with it. BJSS Limited, a company registered in England and Wales (Company Number 2777575), VAT Registration Number 613295452, Registered Office Address, First Floor, Coronet House, Queen Street, Leeds, LS1 2TW.
Reply | Threaded
Open this post in threaded view
|

Re: Single SSL Certificate per Thread

Stuart Kenworthy
In reply to this post by gator2003
Alias. Sorry just don't think I said alias enough in my last response. Alias

On 1 Sep 2017 20:49, [hidden email] wrote:
Have you tried using a keystores manager and constructing the alias using variables and is or even having the key alias match the thread name and just using thread name as alias in keystores manager alias?

On 1 Sep 2017 20:29, Adam Brown <[hidden email]> wrote:
Hi all,

I have a keystore configuration where JMeter loops through 9,999 certificates in a JKS to send HTTP Requests to the server. Currently, JMeter uses a different certificate from the keystore for each request. I want each thread to only use one certificate for all of the requests in the loop. I searched and didn't see anything specific on here or anywhere.

What I want to happen (simplified):

Thread 1-1 uses the test1 certificate to load /home
Thread 1-2 uses the test2 certificate to load /home
Thread 1-1 uses the test1 certificate to load /faq
Thread 1-2 uses the test2 certificate to load /faq
Thread 1-1 uses the test1 certificate to load /account
Thread 1-2 uses the test2 certificate to load /account

What's happening now is:

Thread 1-1 uses the test1 certificate to load /home
Thread 1-2 uses the test2 certificate to load /home
Thread 1-1 uses the test3 certificate to load /faq
Thread 1-2 uses the test4 certificate to load /faq
Thread 1-1 uses the test5 certificate to load /account
Thread 1-2 uses the test6 certificate to load /account

Also, for clarification, my HTTP Cache Manager and HTTP Cookie Manager is set to clear the cache/cookies on each iteration. Does that mean, for example, that the cache will remain for all requests on thread 1-1 and a separate cache for 2-2? When the user loads /home, they are redirected and the certificate is read, automatically logging them in and sending them to the real home page. I don’t want JMeter threads to have to log in, except for the the first URL in the thread.

The only HTTP Request in uses a variable ${test_url} from a CSV Config to try about 20 URLs in total. Another CSV Config puts the current certificate alias in ${cert_name}. https.use.cached.ssl.context is set to false.

Thanks for any help!




The information included in this email and any files transmitted with it may contain information that is confidential and it must not be used by, or its contents or attachments copied or disclosed to, persons other than the intended addressee. If you have received this email in error, please notify BJSS. In the absence of written agreement to the contrary BJSS' relevant standard terms of contract for any work to be undertaken will apply. Please carry out virus or such other checks as you consider appropriate in respect of this email. BJSS does not accept responsibility for any adverse effect upon your system or data in relation to this email or any files transmitted with it. BJSS Limited, a company registered in England and Wales (Company Number 2777575), VAT Registration Number 613295452, Registered Office Address, First Floor, Coronet House, Queen Street, Leeds, LS1 2TW.
Reply | Threaded
Open this post in threaded view
|

Re: Single SSL Certificate per Thread

gator2003
Having the teensiest bit of trouble parsing that (ALIAS!). If I understand you correctly, I’m not sure that will solve the double loop problem.

After some more tinkering, I found the issue. I don’t know how to solve it efficiently, but I found it! Here’s the simplified thread group I am using:

Thread group has two CSV Configs, one for the Keystore and one for the URLs to load. The thread properties were 10 users, 1 second ramp up, Loop count forever. The loop was forever because I have the URL CSV Config not recycling on EOF.

The thread group has one HTTP request that uses the URL variable. That same HTTP request has a Keystore Configuration using the alias from the Keystore Alias CSV Config.

I couldn’t get JMeter to only loop the URL CSV for the HTTP Request and not loop the Keystore Alias CSV. I tried moving the Keystore CSV config under the HTTP Request. Moving the Keystore out of the thread group (but I only have one group anyway). I changed the sharing modes around and got close a few times, but no dice.

Adding a different HTTP request object for each URL to load instead of using the CSV works exactly like I want. The keystore config still used the CSV to loop. The loop count is 1 and the number of threads is equal to the number of users I want to load all the URLs. However, that’s kind of cumbersome and I can’t have the test team changing links manually all the time in the JMX.

So, am I missing something with nested loops?

> On 1 Sep 2017 20:49, [hidden email] wrote:
> Have you tried using a keystores manager and constructing the alias using variables and is or even having the key alias match the thread name and just using thread name as alias in keystores manager alias?
Reply | Threaded
Open this post in threaded view
|

RE: Single SSL Certificate per Thread

Stuart Kenworthy
Keys stored in a keystore are given an ALIAS so they can be referenced directly this is done when the key is imported into it.

So are you wanting a specific key used per thread or per url?

If per url, have them in the same CSV so the thread pulls the url and key at the same time.

If per thread, dump the key csv and use a keystore configuration element from within the thread group and have the alias set as the format in your keystore  with at the end _${__threadNum} such as keyNumber_${__threadNum}. This means each thread will use its own key.

http://jmeter.apache.org/usermanual/functions.html#__threadNum

I have not tried this function in a keystore config element yet so may not work, if not you can capture the thread number as a variable, however, __threadNum does not work in user defined variables so create a beanshell sampler as step one in your threadgroup and copy the following line into it.

    vars.put("threadNum",String.valueOf(ctx.getThreadGroup().getNumThreads()));

The instead of using __threadNum, us ${threadNum}

Job done.

-----Original Message-----
From: Adam Brown [mailto:[hidden email]]
Sent: 03 September 2017 17:59
To: JMeter Users List <[hidden email]>
Subject: Re: Single SSL Certificate per Thread

Having the teensiest bit of trouble parsing that (ALIAS!). If I understand you correctly, I’m not sure that will solve the double loop problem.

After some more tinkering, I found the issue. I don’t know how to solve it efficiently, but I found it! Here’s the simplified thread group I am using:

Thread group has two CSV Configs, one for the Keystore and one for the URLs to load. The thread properties were 10 users, 1 second ramp up, Loop count forever. The loop was forever because I have the URL CSV Config not recycling on EOF.

The thread group has one HTTP request that uses the URL variable. That same HTTP request has a Keystore Configuration using the alias from the Keystore Alias CSV Config.

I couldn’t get JMeter to only loop the URL CSV for the HTTP Request and not loop the Keystore Alias CSV. I tried moving the Keystore CSV config under the HTTP Request. Moving the Keystore out of the thread group (but I only have one group anyway). I changed the sharing modes around and got close a few times, but no dice.

Adding a different HTTP request object for each URL to load instead of using the CSV works exactly like I want. The keystore config still used the CSV to loop. The loop count is 1 and the number of threads is equal to the number of users I want to load all the URLs. However, that’s kind of cumbersome and I can’t have the test team changing links manually all the time in the JMX.

So, am I missing something with nested loops?

> On 1 Sep 2017 20:49, [hidden email] wrote:
> Have you tried using a keystores manager and constructing the alias using variables and is or even having the key alias match the thread name and just using thread name as alias in keystores manager alias?

The information included in this email and any files transmitted with it may contain information that is confidential and it must not be used by, or its contents or attachments copied or disclosed to, persons other than the intended addressee. If you have received this email in error, please notify BJSS. In the absence of written agreement to the contrary BJSS' relevant standard terms of contract for any work to be undertaken will apply. Please carry out virus or such other checks as you consider appropriate in respect of this email. BJSS does not accept responsibility for any adverse effect upon your system or data in relation to this email or any files transmitted with it. BJSS Limited, a company registered in England and Wales (Company Number 2777575), VAT Registration Number 613295452, Registered Office Address, First Floor, Coronet House, Queen Street, Leeds, LS1 2TW.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Single SSL Certificate per Thread

gator2003
Thank you so much for this. I’m going to give it a shot.

I was looking for each key to load a group of URLs in a thread, so this should work.

On Sep 6, 2017, 5:06 AM -0400, Stuart Kenworthy <[hidden email]>, wrote:

> Keys stored in a keystore are given an ALIAS so they can be referenced directly this is done when the key is imported into it.
>
> So are you wanting a specific key used per thread or per url?
>
> If per url, have them in the same CSV so the thread pulls the url and key at the same time.
>
> If per thread, dump the key csv and use a keystore configuration element from within the thread group and have the alias set as the format in your keystore with at the end _${__threadNum} such as keyNumber_${__threadNum}. This means each thread will use its own key.
>
> http://jmeter.apache.org/usermanual/functions.html#__threadNum
>
> I have not tried this function in a keystore config element yet so may not work, if not you can capture the thread number as a variable, however, __threadNum does not work in user defined variables so create a beanshell sampler as step one in your threadgroup and copy the following line into it.
>
> vars.put("threadNum",String.valueOf(ctx.getThreadGroup().getNumThreads()));
>
> The instead of using __threadNum, us ${threadNum}
>
> Job done.
>
> -----Original Message-----
> From: Adam Brown [mailto:[hidden email]]
> Sent: 03 September 2017 17:59
> To: JMeter Users List <[hidden email]
> Subject: Re: Single SSL Certificate per Thread
>
> Having the teensiest bit of trouble parsing that (ALIAS!). If I understand you correctly, I’m not sure that will solve the double loop problem.
>
> After some more tinkering, I found the issue. I don’t know how to solve it efficiently, but I found it! Here’s the simplified thread group I am using:
>
> Thread group has two CSV Configs, one for the Keystore and one for the URLs to load. The thread properties were 10 users, 1 second ramp up, Loop count forever. The loop was forever because I have the URL CSV Config not recycling on EOF.
>
> The thread group has one HTTP request that uses the URL variable. That same HTTP request has a Keystore Configuration using the alias from the Keystore Alias CSV Config.
>
> I couldn’t get JMeter to only loop the URL CSV for the HTTP Request and not loop the Keystore Alias CSV. I tried moving the Keystore CSV config under the HTTP Request. Moving the Keystore out of the thread group (but I only have one group anyway). I changed the sharing modes around and got close a few times, but no dice.
>
> Adding a different HTTP request object for each URL to load instead of using the CSV works exactly like I want. The keystore config still used the CSV to loop. The loop count is 1 and the number of threads is equal to the number of users I want to load all the URLs. However, that’s kind of cumbersome and I can’t have the test team changing links manually all the time in the JMX.
>
> So, am I missing something with nested loops?
>
> > On 1 Sep 2017 20:49, [hidden email] wrote:
> > Have you tried using a keystores manager and constructing the alias using variables and is or even having the key alias match the thread name and just using thread name as alias in keystores manager alias?
>
> The information included in this email and any files transmitted with it may contain information that is confidential and it must not be used by, or its contents or attachments copied or disclosed to, persons other than the intended addressee. If you have received this email in error, please notify BJSS. In the absence of written agreement to the contrary BJSS' relevant standard terms of contract for any work to be undertaken will apply. Please carry out virus or such other checks as you consider appropriate in respect of this email. BJSS does not accept responsibility for any adverse effect upon your system or data in relation to this email or any files transmitted with it. BJSS Limited, a company registered in England and Wales (Company Number 2777575), VAT Registration Number 613295452, Registered Office Address, First Floor, Coronet House, Queen Street, Leeds, LS1 2TW.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]