Jmeter HTTPS代理配置 [英] Jmeter HTTPS proxy configuration

问题描述

我正在尝试使用jmeter加载测试https网站。我已经使用jmeter / bin中的proxyserver.jks文件中的keytool安装了客户端证书（.pfx）。

I am trying to use jmeter to load test https website. I have installed the client certificates(.pfx) using the keytool in the proxyserver.jks file in jmeter/bin.

我还使用jmeter手册配置了jmeter代理和firefox（ http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.pdf ）。

I have also configured the jmeter proxy and firefox using jmeter manual (http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.pdf).

还将HTTP请求采样器配置为将协议设置为https。但是在运行firefox时我收到错误在页面加载时重置连接。

Also configured the HTTP request sampler to have the protocol as "https". But while running firefox i get the error "The connection to was reset while the page was loading."

我使用下面的配置
Win XP 32位使用SP3
jmeter 2.8
firefox 21.0

I am using the below config Win XP 32 bit with SP3 jmeter 2.8 firefox 21.0

请指教。

推荐答案

HTTPS记录
JMeter代理服务器使用虚拟证书使其能够接受来自浏览器的SSL连接。此证书不是浏览器通常信任的证书之一，也不适用于正确的主机。
结果：

HTTPS recording JMeter proxy server uses a dummy certificate to enable it to accept the SSL connection from the browser. This certificate is not one of the certificates that browsers normally trust, and will not be for the correct host. As a consequence:

如果浏览器尚未为您的URL域注册证书，则应显示一个对话框，询问您是否要是否接受证书。例如：

    If the browser hasn't already registered a certificate for the domain of your URL, it should display a dialogue asking if you want to accept the certificate or not. For example:

1）服务器名称www.example.com与证书名称JMeter Proxy不匹配。有人可能试图窃听你。

    1) The server's name "www.example.com" does not match the certificate's name "JMeter Proxy". Somebody may be trying to eavesdrop on you.

2）JMeter Proxy的证书由未知的证书颁发机构JMeter Proxy签名。无法验证这是否是有效证书。

    2) The certificate for "JMeter Proxy" is signed by the unknown Certificate Authority "JMeter Proxy". It is not possible to verify that this is a valid certificate.

您需要接受证书才能允许JMeter代理拦截SSL流量以便把它记录下来。您应该只临时接受证书。浏览器仅针对主URL的证书提示此对话，而不是针对页面中加载的资源，例如托管在安全的外部CDN上的图像，css或javascript文件。如果你有这样的资源（例如gmail），你必须先手动浏览这些其他域，才能接受JMeter的证书。在jmeter.log中检查您需要注册证书的安全域。

    You will need to accept the certificate in order to allow the JMeter Proxy to intercept the SSL traffic in order to record it. You should only accept the certificate temporarily. Browsers only prompt this dialogue for the certificate of the main url, not for the resources loaded in the page, such as images, css or javascript files hosted on a secured external CDN. If you have such resources (gmail has for example), you'll have to first browse manually to these other domains in order to accept JMeter's certificate for them. Check in jmeter.log for secure domains that you need to register certificate for.

如果浏览器已经为此域注册了经过验证的证书，浏览器会将JMeter检测为安全漏洞并拒绝加载页面。如果是这样，您必须从浏览器的密钥库中删除可信证书。

    If the browser has already registered a validated certificate for this domain, the browser will detect JMeter as a security breach and will refuse to load the page. If so, you have to remove the trusted certificate from your browser's keystore. 

这篇关于Jmeter HTTPS代理配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！