JMeter 和可选的 SSL 客户端证书 [英] JMeter and optional SSL client certificate
问题描述
我正在使用涉及 SSL 客户端证书的 JMeter 2.8 设置测试计划.测试计划大致包括对 server1 和 server2 的两次 https 调用.
I'm setting up a test plan using JMeter 2.8 involving SSL client certificates. The test plan roughly consist in two https calls to server1 and server2.
棘手的部分是对 server1 的调用不应使用 SSL 客户端身份验证(尽管服务器正在请求),而对 server2 的调用必须使用 SSL 客户端身份验证.
The tricky part is that the call to server1 should not use SSL client authentication (although the server is requesting one) while the call to server2 must use SSL client authentication.
目前,一旦我向 JMeter 提供密钥库,所有 https 调用都会发送 SSL 证书,这会导致对 server1 的调用失败.
Currently as soon as I give a keystore to JMeter all https calls are sending SSL certificate which cause the call to server1 to fail.
我目前尝试了两种方法:
I currently tried two approaches:
- 我从 JMeter 命令行中删除了
-Djava.net.ssl.keyStore=xxx并使用 BeanShell 或 BSH 预处理器在调用 server2 之前设置它,但它没有工作并调用服务器 2 失败,就像未指定密钥库一样. - 我尝试在调用 server1 之前使用 Keystore 管理配置器指定一个不存在的密钥,但是当我将开始和结束索引放在存储中的最后一个证书之后时,JMeter 仍然发送存储中的第一个证书.
- I removed the
-Djava.net.ssl.keyStore=xxxfrom the JMeter command line and use a BeanShell or BSH pre-processor to set it just before the call to server2 but it does not work and call to server 2 fails as if no keystore had been specified. - I try to use the Keystore management configurator to specify an inexisting key before making the call to server1 but when I put the start and end indices after the last certificate in the store, JMeter still send the first certificate in the store.
推荐答案
您可以做的是:
将以下 JVM 属性添加到 jmeter:
Add to jmeter the following JVM Properties:
-Djavax.net.ssl.keyStore=<path to folder containing keystore>/keystore.jks
-Djavax.net.ssl.keyStorePassword=password if any
使用密钥库配置
在 user.properties 中设置:
set in user.properties:
https.use.cached.ssl.context=false
对必须发送客户端证书的采样器使用 HC4Impl
Use HC4Impl for the sampler that must send client certificate
对不能发送的使用JavaImpl(这是一种伎俩,我必须说我不明白为什么如果服务器请求您不能发送客户端证书)
Use JavaImpl for the one that must not send it (it is a kind of trick, I must say I don't understand why you must not send client certificate if server requests it)
这篇关于JMeter 和可选的 SSL 客户端证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
