JMeter和可选的SSL客户端证书 [英] JMeter and optional SSL client certificate

问题描述

我正在使用涉及SSL客户端证书的JMeter 2.8设置测试计划.测试计划大致包括对server1和server2的两个https调用.

I'm setting up a test plan using JMeter 2.8 involving SSL client certificates. The test plan roughly consist in two https calls to server1 and server2.

棘手的是，对server1的调用不应使用SSL客户端身份验证(尽管服务器正在请求一个)，而对server2的调用必须使用SSL客户端身份验证.

The tricky part is that the call to server1 should not use SSL client authentication (although the server is requesting one) while the call to server2 must use SSL client authentication.

当前，一旦我将密钥库提供给JMeter，所有https调用都将发送SSL证书，从而导致对server1的调用失败.

Currently as soon as I give a keystore to JMeter all https calls are sending SSL certificate which cause the call to server1 to fail.

我目前尝试了两种方法:

I currently tried two approaches:

1. 我从JMeter命令行中删除了-Djava.net.ssl.keyStore=xxx，并在调用server2之前使用BeanShell或BSH预处理器对其进行了设置，但它不起作用，并且对服务器2的调用失败，就好像没有指定密钥库一样
2. 我尝试使用Keystore管理配置器在调用server1之前指定一个不存在的密钥，但是当我将起始索引和结束索引放在存储区中的最后一个证书之后时，JMeter仍然会发送存储区中的第一个证书. /li>

1. I removed the -Djava.net.ssl.keyStore=xxx from the JMeter command line and use a BeanShell or BSH pre-processor to set it just before the call to server2 but it does not work and call to server 2 fails as if no keystore had been specified.
2. I try to use the Keystore management configurator to specify an inexisting key before making the call to server1 but when I put the start and end indices after the last certificate in the store, JMeter still send the first certificate in the store.

推荐答案

您可以执行以下操作:

• 向jmeter添加以下JVM属性:

• Add to jmeter the following JVM Properties:

-Djavax.net.ssl.keyStore=<path to folder containing keystore>/keystore.jks       

-Djavax.net.ssl.keyStorePassword=password if any

使用密钥库配置

在user.properties中设置:

set in user.properties:

https.use.cached.ssl.context=false

将HC4Impl用于必须发送客户端证书的采样器

Use HC4Impl for the sampler that must send client certificate

使用JavaImpl来发送不发送的证书(这是一种技巧，我必须说，我不明白为什么如果服务器请求它也不能发送客户端证书)

Use JavaImpl for the one that must not send it (it is a kind of trick, I must say I don't understand why you must not send client certificate if server requests it)

这篇关于JMeter和可选的SSL客户端证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！