JMeter and optional SSL client certificate

2019-01-18 23:46发布

问题:

I'm setting up a test plan using JMeter 2.8 involving SSL client certificates. The test plan roughly consist in two https calls to server1 and server2.

The tricky part is that the call to server1 should not use SSL client authentication (although the server is requesting one) while the call to server2 must use SSL client authentication.

Currently as soon as I give a keystore to JMeter all https calls are sending SSL certificate which cause the call to server1 to fail.

I currently tried two approaches:

  1. I removed the -Djava.net.ssl.keyStore=xxx from the JMeter command line and use a BeanShell or BSH pre-processor to set it just before the call to server2 but it does not work and call to server 2 fails as if no keystore had been specified.
  2. I try to use the Keystore management configurator to specify an inexisting key before making the call to server1 but when I put the start and end indices after the last certificate in the store, JMeter still send the first certificate in the store.

回答1:

What you can do is the following:

  • Add to jmeter the following JVM Properties:

    -Djavax.net.ssl.keyStore=<path to folder containing keystore>/keystore.jks       
    
    -Djavax.net.ssl.keyStorePassword=password if any
    
  • Use Keystore Configuration

  • set in user.properties:

    https.use.cached.ssl.context=false
    
  • Use HC4Impl for the sampler that must send client certificate

  • Use JavaImpl for the one that must not send it (it is a kind of trick, I must say I don't understand why you must not send client certificate if server requests it)