Jmeter HTTPS 代理配置 [英] Jmeter HTTPS proxy configuration

问题描述

我正在尝试使用 jmeter 来加载测试 https 网站.我已经使用 jmeter/bin 中的 proxyserver.jks 文件中的 keytool 安装了客户端证书(.pfx).

I am trying to use jmeter to load test https website. I have installed the client certificates(.pfx) using the keytool in the proxyserver.jks file in jmeter/bin.

我还使用 jmeter 手册(http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.pdf).

I have also configured the jmeter proxy and firefox using jmeter manual (http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.pdf).

还将 HTTP 请求采样器配置为将协议设为https".但是在运行 Firefox 时出现错误页面加载时连接已重置."

Also configured the HTTP request sampler to have the protocol as "https". But while running firefox i get the error "The connection to was reset while the page was loading."

我正在使用以下配置使用 SP3 赢得 XP 32 位jmeter 2.8火狐 21.0

I am using the below config Win XP 32 bit with SP3 jmeter 2.8 firefox 21.0

请指教.

推荐答案

HTTPS 录制JMeter 代理服务器使用虚拟证书使其能够接受来自浏览器的 SSL 连接.此证书不是浏览器通常信任的证书之一，也不会用于正确的主机.结果:

HTTPS recording JMeter proxy server uses a dummy certificate to enable it to accept the SSL connection from the browser. This certificate is not one of the certificates that browsers normally trust, and will not be for the correct host. As a consequence:

如果浏览器尚未为您的 URL 域注册证书，它应该会显示一个对话框，询问您是否要接受该证书.例如:

    If the browser hasn't already registered a certificate for the domain of your URL, it should display a dialogue asking if you want to accept the certificate or not. For example:

1) 服务器的名称www.example.com"与证书的名称JMeter Proxy"不匹配.可能有人想偷听你.

    1) The server's name "www.example.com" does not match the certificate's name "JMeter Proxy". Somebody may be trying to eavesdrop on you.

2) JMeter Proxy"的证书由未知的证书颁发机构JMeter Proxy"签署.无法验证这是一个有效的证书.

    2) The certificate for "JMeter Proxy" is signed by the unknown Certificate Authority "JMeter Proxy". It is not possible to verify that this is a valid certificate.

您需要接受证书才能允许 JMeter 代理拦截 SSL 流量以进行记录.您应该只是暂时接受证书.浏览器仅提示此对话框提供主 url 的证书，而不提示页面中加载的资源，例如托管在安全外部 CDN 上的图像、css 或 javascript 文件.如果您有这样的资源(例如 gmail 有)，您必须首先手动浏览到这些其他域，以便为它们接受 JMeter 的证书.在 jmeter.log 中检查您需要为其注册证书的安全域.

    You will need to accept the certificate in order to allow the JMeter Proxy to intercept the SSL traffic in order to record it. You should only accept the certificate temporarily. Browsers only prompt this dialogue for the certificate of the main url, not for the resources loaded in the page, such as images, css or javascript files hosted on a secured external CDN. If you have such resources (gmail has for example), you'll have to first browse manually to these other domains in order to accept JMeter's certificate for them. Check in jmeter.log for secure domains that you need to register certificate for.

如果浏览器已经为此域注册了经过验证的证书，则浏览器会将 JMeter 检测为安全漏洞并拒绝加载页面.如果是这样，您必须从浏览器的密钥库中删除受信任的证书.

    If the browser has already registered a validated certificate for this domain, the browser will detect JMeter as a security breach and will refuse to load the page. If so, you have to remove the trusted certificate from your browser's keystore. 

这篇关于Jmeter HTTPS 代理配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！